ABSTRACT


Cryptography is the art of protecting information by transforming it into an unreadable format called
ciphertext. Only those who possess a secret key can decipher the message into plaintext. One or more
cryptographic primitives are often combined to develop a more complex algorithm, which is called a
cryptosystem. The Michael O. Rabin cryptosystem can generate the same ciphertext from different
plaintexts, as well as multiple plaintexts from a single ciphertext. There are a number of techniques to
reveal the original plaintext, but none of them can separate similar ciphertexts against each plaintext
generated from modular reduction arithmetic. Another problem is the forgery attack on the Rabin
signcryption algorithm and private key derivation. To solve those issues, a new cryptosystem has been
designed which can efficiently separate similar ciphertexts against each plaintext by removing all of the
problems of the Rabin cryptosystem identified in the problem statements. The proposed cryptosystem
comprises five algorithms: key generation, encryption, decryption, signature generation and signature
verification. To authenticate the message, the signcryption algorithm has been designed. The construction
of the proposed cryptosystem is based on quadratic residue, quadratic quotient, floor function and absolute
value counting, the Diffie-Hellman key exchange protocol, the concept of the Michael O. Rabin signature
algorithm, and probability theorem. The advantage of the proposed crypto-intensive technique is that the
intended receiver gets only one plain value, distinguishing the ciphertext against the plaintext by
verifying the signature of the sender. Another advantage is that the sender generates the signature using
the encrypted text, and the intended receiver can retrieve the plaintext from the signature through the
signature verification system. The proposed crypto technique requires less time complexity and is probably
secure against man-in-the-middle attack, chosen plaintext attack, ciphertext attack and modular squaring
attack. The newly designed technique uses a random padding system including additional quotient and
residuum. In terms of signature, the Rabin signature is a pair, but the proposed cryptosystem uses a
4-tuple signature system.

Keywords 

Cryptosystem, key distribution protocol, Extended Euclidean Algorithm, Chinese Remainder Theorem,
Legendre Symbol, Congruence, ASCII Code, Quadratic reciprocity, Jacobi Symbol, Dedekind sum,
Group isomorphism, Cipher, Biswas cryptosystem.
CHAPTER 1


INTRODUCTION 


1.1 Background 

Cryptography is the practice and study of techniques for secure communication in the presence of third
parties called adversaries. It is a branch of cryptology, the scientific study of cryptography, cryptanalysis
and steganography. Cryptography is the art of protecting valuable information by transforming it into an
unreadable format called ciphertext. Only those who possess a secret key can decipher the message into a
readable format. An encrypted message can be broken by cryptanalysis, which is called code breaking,
although modern encryption techniques are virtually unbreakable. Cryptography is used to secure data in
transmission, data storage and user authentication. It involves creating codes that allow information to be
kept secret: it converts data into an unreadable format so that an unauthorized user is unable to decode it
during transmission. It replaces the handwritten signature with the digital signature. Digital signatures are
used for credit card authentication. Because of the large number of commercial transactions over the
internet, cryptography is the main key in ensuring the security of the transmissions. In general, cryptography
plays an important role in data confidentiality, data integrity, user authentication and non-repudiation. A
cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to
provide information security services. More complex cryptosystems include electronic cash systems,
signcryption systems, etc. A sophisticated cryptosystem can be derived from a combination of several
cryptographic primitives. Cryptosystems are sometimes called cryptographic protocols. In the physical world,
handwritten signatures are used to bind the signatory to the message; analogously, in the digital world, the
signcryption system is used to bind the signatory to the digital message. Actually, message signing binds the
identity of the message. It ensures data integrity, message authentication and non-repudiation. There are
different types of cryptosystems: asymmetric key cryptosystems, symmetric key cryptosystems, hybrid
cryptosystems, knapsack cryptosystems, etc. The Michael O. Rabin cryptosystem was one of the first
asymmetric cryptosystems in the field of public key cryptography. The security of the Rabin encryption
mechanism relies on prime integer factorization. (Rabin, 1976, 1979) proposed a public key cryptosystem and
signature scheme. Together, the encryption, decryption and signature schemes are called the Michael O. Rabin
cryptosystem. A large number of surveys were done on the Michael O. Rabin cryptosystem to find out its
efficiency and devise a new method for real life application. It has huge theoretical significance in
cryptography. There are two lightweight public key cryptosystems: the Elliptic Curve Cryptosystem (ECC) and
the Rabin cryptosystem. Two public key protocols based on the Rabin cryptosystem are used in the
implementation of Ultra High Frequency (UHF RFID) and Radio Frequency Identification Reader (RFID)
(Saxl.et.al. 2019). A slightly modified version of the Rabin cryptosystem (the RAMON cryptosystem) was used
in the implementation of UHF RFID and WIPR (Sensors). The Rabin cryptosystem is used in passive radio
frequency identification with slight modification. The encryption mechanism uses a quadratic residue to
produce the ciphertext, and decryption is accomplished by computing two square roots and Bezout's
coefficients using the extended Euclidean algorithm, and combining them with the Chinese Remainder Theorem.
It is quite similar to the RSA and ElGamal cryptosystems; the Michael O. Rabin cryptosystem is considered in
a ring under addition and multiplication modulo a composite integer.

In cryptography, the Michael O. Rabin cryptosystem produces four decryption results, of which one is correct
and the other three are pseudo results. However, that disadvantage turned into an advantage in steganography.
The three illusion messages brought benefit to steganography applications, although in cryptographic
applications those three false results are considered a weak point of the Rabin cryptosystem due to the size
problem. In the steganography field they would be used not only for constructing the hiding map but also as
an authentication mechanism which guides the hiding process. The decryption algorithm gives four messages, of
which one is the secret message and the remaining three are illusion messages with a different length that
will construct the map of graphical data.


1.2 Motivation of the research 

With the growth of the Internet, encryption came into much wider use to protect credit card and other online
transactional information. Only in the past decade has encryption been widely used for ordinary communications
and stored data, because the number of ingenious hacking techniques is noticeably increasing day by day. The
robbery at Bangladesh Bank, for example, took place on (Editor, 2016), when thirty five fraudulent instructions
were issued by security hackers via the SWIFT (Society for Worldwide Interbank Financial Telecommunication)
inter-bank messaging system to make illegal transfers to the US. The attack resulted in the theft of $101
million, of which $81 million remain missing. If we had had crypto-intensive technology, this type of hacking
robbery could not have taken place. This is not only a Bangladeshi cyberspace problem but also a cyber problem
of developing countries worldwide, although the challenge of designing a practical and secure encryption
system is magnified by the fact that encryption algorithms and protocols are notoriously fragile. A
cryptosystem is the most effective way to achieve data security. So, thinking about the aforesaid security and
privacy issues in cyberspace, I devoted myself to continued study of cryptography to ensure confidentiality
and security in communication. In fact, security and privacy are two entirely different beasts in an
information communication system. Cryptography is a domain of computer and information security, an evolving
discipline that involves the study of technology, strategy, policies and standards regarding the security of
and operations in cyberspace. It refers to secure information and communication techniques derived from
mathematical concepts and sets of rule-based calculations called algorithms, which transform messages in ways
that are hard to decipher. For the aforesaid reasons, I have been motivated in the subject of applied
cryptography, which is a branch of cryptology.


https://doi.org/10.29322/ijsrp.29.12.2019 




Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

1.3 Problem Statement (Research Gaps) 

Finding a research gap is mandatory for doing research, and for that reason literature reviews are necessary.
Research gap analysis is also conducted through the literature review in order to see how the proposed research
methodology would fill the gap in the research area. The Michael O. Rabin cryptosystem was not widely used
because of some computational errors during encryption and decryption produced by modular arithmetic, but its
theoretical significance is widespread. However, the RAMON cryptosystem, which was implemented based on the
Rabin cryptosystem, is used in RFID readers. On the other hand, the Rabin signature is vulnerable to forgery
attack. One of the main disadvantages is that decryption generates four results, and extra effort is needed to
sort the right one out of the four possibilities. Recently, many rigorous articles about the Rabin cryptosystem
have been published in different journals and conferences by researchers. A number of problems and ambiguities
were noticed in the Michael O. Rabin cryptosystem during the literature review and are formulated in the
following steps.

Issue-1: The Rabin encryption and decryption system generates the same ciphertext from different plaintexts.
For example, take two random private keys P = 7, Q = 11 and the public key N = P*Q = 7*11 = 77. The four
plaintexts M = {13, 20, 57, 64} produce the same ciphertext $C = M^2 \bmod 77 = 15$, and in the same way
decryption produces multiple plaintexts from a single ciphertext. There is no algorithm in the Michael O. Rabin
cryptosystem to identify a similar quadratic residue generated from distinct inputs. The following example may
be useful for cryptographic readers.


$C = 13^2 \bmod 77 = 15$

$C = 20^2 \bmod 77 = 15$

$C = 57^2 \bmod 77 = 15$

$C = 64^2 \bmod 77 = 15$

The same encryption result (15) is generated from the four distinct plaintexts M = {13, 20, 57, 64}; those
results cannot be identified separately by Michael O. Rabin's cryptosystem.

Decrypting C = 15 in turn gives the four values 64, 13, 20 and 57. As we can see, these are confusing and
inconsistent in the Michael O. Rabin cryptosystem.


Figure 1.1: Research gaps in Michael O. Rabin Cryptosystem
Issue-2: The private key can be obtained through a combination of two modular exponentiations, the Chinese
Remainder Theorem and the extended Euclidean algorithm. For example, apply GCD(|r-s|, N), where r and s are two
roots: GCD(57-13, 77) = GCD(44, 77) = 11, which is Q, and P = N/Q = 77/11 = 7.

Issue-3: The decryption of Rabin's cryptosystem is non-deterministic.

Issue-4: Rabin's signature scheme is vulnerable to forgery attacks. It is relatively easy to compute $S^2$
modulo N by choosing any message m', computing the multiplicative inverse of m' (the hash value of m), then
calculating $U' = S^2 \cdot m'^{-1} \bmod N$ and forging the signature as $(m'^{-1}, U', s)$ without knowing
the factorization of N. Assume the two Blum primes are p = 7, q = 11. The public key is N = p·q = 77, m = 20,
and $m' = m^2 = 20^2 \bmod 77 = 15$ is the hash value. Take two values U = 25 and x = 12 arbitrarily for which
the equation $12^2 \bmod 77 = (15 \cdot 25) \bmod 77$ is true. Hence the signature is (15, 25, 12) and the
forged signature is (36, 25, 12), where 36 is the multiplicative inverse of 15. Here
$U' = x^2 \cdot m'^{-1} \bmod N = 12^2 \cdot 36 \bmod 77 = 25$, where the multiplicative inverse
$m'^{-1} = 36$. The forgery attacker forges the signature as $(m'^{-1}, U', x)$, since $U = U'$,
$s = x^2 \bmod N$ and $m'^{-1}$ is the multiplicative inverse of m'. So the signature is valid mathematically
and the forgery attacker succeeds in obtaining a signature.

1.4 Research Questions 

The research questions have already been mentioned in the problem statements; even so, to present the research
question more precisely for future cryptographic readers, the following question may be ideal for them.

• How can one separate similar quadratic residues generated from different inputs in the Michael O. Rabin
cryptosystem?

1.5 Research Objectives

• To solve the similar quadratic residue identification problem of the Rabin cryptosystem.

• To design a new cryptosystem.

• To solve the modular crashing attack on the Michael O. Rabin cryptosystem.

• To counteract the forgery attack on Rabin's signcryption algorithm.



1.6 Research Scope 

The research scope is limited to designing a new cryptosystem to overcome the constraints of the Michael O.
Rabin cryptosystem. The process of designing the technique is as follows.

Planning and prioritization
↓
Analysis and design
↓
Mathematical proof for testing and finalization
↓
Ultimate result for publication

Figure 1.2: Research scope

In the planning and prioritizing phase, finding research gaps (mission statement) and decision taking
(selection of the vision statement) are the main concerns of the research. The analysis and design phase
ensures the design of the cryptosystem, in particular how the solution to the desired problem will be
implemented using different methodologies. The mathematical experiment for testing and finalization checks
whether the proposed techniques result in the correct answer.

1.7 Thesis Organization 

The road map of this research has been organized in the following ways. 

Chapter 1 briefly introduced the research background and some primary knowledge about Michael O. Rabin 
Cryptosystem. The problem statements (research gaps), research objective and research scope are introduced in this 
chapter. The rest of the research is organized as follows. 

Chapter 2 consists of literature review and preliminaries related to Michael O. Rabin Cryptosystem. 

Chapter 3 describes research methodology which indicates how I performed my research activities. 

Chapter 4 presents the author's contribution and gives a detailed description of the research outcome. A
comparison between the newly designed cryptosystem and the Michael O. Rabin cryptosystem is also demonstrated.

Finally, Chapter 5 gives the conclusion and future work for potential innovative readers.
CHAPTER 2


LITERATURE REVIEW 


2.1 Preliminaries

The Euclidean algorithm is used to find the greatest common divisor (GCD) of two numbers $a, b \in \mathbb{N}$.
It is essential for the Michael O. Rabin cryptosystem. The algorithm is as follows.

■ First initialize $r_0 = a$, $r_1 = b$.
■ Now compute the following sequence of steps:
$r_0 = q_1 r_1 + r_2$,
$r_1 = q_2 r_2 + r_3$,
...
$r_{n-3} = q_{n-2} r_{n-2} + r_{n-1}$,
$r_{n-2} = q_{n-1} r_{n-1} + r_n$.
Continue this process until there is a step for which $r_n = 0$ while $r_{n-1} \neq 0$.

■ The greatest common divisor is equal to $r_{n-1}$.

The extension of the above algorithm is called the extended Euclidean algorithm, which is useful in finite
fields and in encryption algorithms. The extended Euclidean algorithm calculates not only the gcd but also two
additional integers x and y that satisfy the equation $a x + b y = \gcd(a, b) = d$. On examining the algorithm,
it clearly appears that x and y have opposite signs. The extended Euclidean algorithm (Table 2.1) determines
x, y, d from given a and b where a > b > 0 (Stallings, 2016).
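Table 2.1: The extended Euclidean algorithm

Initial
    $r_{-1} = a$, $r_0 = b$
    $x_{-1} = 1$, $y_{-1} = 0$, with $a = a x_{-1} + b y_{-1}$
    $x_0 = 0$, $y_0 = 1$, with $b = a x_0 + b y_0$

Step 1
    Calculates: $r_1 = a \bmod b$, $q_1 = \lfloor a / b \rfloor$
    Division:   $a = b q_1 + r_1$
    Extension:  $x_1 = x_{-1} - q_1 x_0 = 1$, $y_1 = y_{-1} - q_1 y_0 = -q_1$, with $r_1 = a x_1 + b y_1$

Step 2
    Calculates: $r_2 = b \bmod r_1$, $q_2 = \lfloor b / r_1 \rfloor$
    Division:   $b = r_1 q_2 + r_2$
    Extension:  $x_2 = x_0 - q_2 x_1$, $y_2 = y_0 - q_2 y_1$, with $r_2 = a x_2 + b y_2$

Step 3
    Calculates: $r_3 = r_1 \bmod r_2$, $q_3 = \lfloor r_1 / r_2 \rfloor$
    Division:   $r_1 = r_2 q_3 + r_3$
    Extension:  $x_3 = x_1 - q_3 x_2$, $y_3 = y_1 - q_3 y_2$, with $r_3 = a x_3 + b y_3$

...

Step n
    Calculates: $r_n = r_{n-2} \bmod r_{n-1}$, $q_n = \lfloor r_{n-2} / r_{n-1} \rfloor$
    Division:   $r_{n-2} = q_n r_{n-1} + r_n$
    Extension:  $x_n = x_{n-2} - q_n x_{n-1}$, $y_n = y_{n-2} - q_n y_{n-1}$, with $r_n = a x_n + b y_n$

Step n+1
    Calculates: $r_{n+1} = r_{n-1} \bmod r_n = 0$, $q_{n+1} = \lfloor r_{n-1} / r_n \rfloor$
    Division:   $r_{n-1} = q_{n+1} r_n + 0$

Result: $d = \gcd(a, b) = r_n$, $x = x_n$, $y = y_n$
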

Bezout's identity (Bezout, 1779) is a GCD-related theorem which is valid for every principal ideal domain. A
pair of Bezout's coefficients can be computed by the extended Euclidean algorithm. Modular arithmetic deals
with whole numbers, where numbers are replaced by their remainders after division by a fixed number. Modular
division is defined when the modular inverse of the divisor exists. There are a number of rules in modular
arithmetic which are useful in scientific experiments. Modular arithmetic is a system of arithmetic for
integers where values reset to zero and begin to increase again after reaching a certain predefined value,
called the modulus (modulo). Modular arithmetic is widely used in computer science and cryptography. A clear
description of modular arithmetic can be found in (Gauss, et.al., 1965). The Chinese remainder theorem (CRT) is
essential for the Michael O. Rabin cryptosystem. The CRT applies when the composite number N is a product of
pairwise coprime factors, to the system of congruences $x \equiv a_1 \pmod{N_1}$, $x \equiv a_2 \pmod{N_2}$
where $N_1$, $N_2$ are coprime. Bezout's identity asserts the existence of two integers $m_1$ and $m_2$ such
that $m_1 N_1 + m_2 N_2 = 1$. The formula of the CRT is as follows.

$$\sum_{i=1}^{k} a_i M_i N_i \qquad \text{Equ. (1)}$$

The details about Equ. (1) can be found in (Katz,et.al.,1998).
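
The behaviour listed as Issue-1 to Issue-3 in the problem statement, worked with the extended Euclidean algorithm and CRT of this section, as an added example (not code from the thesis). The function names are assumptions; P = 7, Q = 11, N = 77 and C = 15 are the thesis's own numbers.

```python
from itertools import combinations
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (d, x, y) with a*x + b*y == d == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def encrypt(m, n):
    """Textbook Rabin encryption: C = M^2 mod N."""
    return (m * m) % n


def square_roots(c, p, q):
    """All square roots of c modulo N = p*q, for primes p, q congruent to 3 mod 4."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("the (p+1)/4 shortcut needs p = q = 3 (mod 4)")
    n = p * q
    # Two modular exponentiations give one root modulo each prime.
    r_p = pow(c, (p + 1) // 4, p)
    r_q = pow(c, (q + 1) // 4, q)
    if (r_p * r_p - c) % p or (r_q * r_q - c) % q:
        raise ValueError("c is not a quadratic residue modulo N")
    # Bezout coefficients: y_p*p + y_q*q == 1.
    _, y_p, y_q = egcd(p, q)
    # CRT combination of (+-r_p, +-r_q) yields up to four roots modulo N.
    r = (y_p * p * r_q + y_q * q * r_p) % n
    s = (y_p * p * r_q - y_q * q * r_p) % n
    return sorted({r, n - r, s, n - s})


def factors_from_root_pairs(roots, n):
    """Map each pair of roots (r, s) to gcd(|r - s|, N) when it is a proper factor.

    Pairs with s = N - r only give gcd 1, so they are not in the result.
    """
    leaks = {}
    for r, s in combinations(roots, 2):
        g = gcd(abs(r - s), n)
        if 1 < g < n:
            leaks[(r, s)] = g
    return leaks


if __name__ == "__main__":
    P, Q = 7, 11                      # toy private key from Issue-1
    N = P * Q
    for m in (13, 20, 57, 64):
        print(f"{m}^2 mod {N} = {encrypt(m, N)}")
    roots = square_roots(15, P, Q)
    print("decrypting 15 gives", roots)
    for pair, factor in factors_from_root_pairs(roots, N).items():
        print(f"gcd(|{pair[1]} - {pair[0]}|, {N}) = {factor}")
```

Any two roots that are not negatives of each other modulo N reveal a prime factor, which is why a decryption procedure must never hand back more than the one intended root.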


A polynomial is an expression consisting of variables and coefficients. It involves addition, subtraction and
multiplication operations and non-negative integer exponents of the variables. The polynomial equation is as
follows.

$$a_n x^n + a_{n-1} x^{n-1} + \dots + a_2 x^2 + a_1 x^1 + a_0 x^0 \qquad \text{Equ. (2)}$$

Equ. (2) can be expressed more precisely by using summation notation, as follows.

$$\sum_{k=0}^{n} a_k x^k \qquad \text{Equ. (3)}$$



For more details about Equ. (3), see (Manuel,et.al,2006). The Legendre symbol $\left(\frac{a}{p}\right)$ is a
number theoretic function which is defined to be equal to ±1 depending on whether a is a quadratic residue
modulo p. The definition of the Legendre symbol is as follows.

$$\left(\frac{a}{p}\right) = \begin{cases} 0 & \text{if } p \mid a \\ 1 & \text{if } a \text{ is a quadratic residue modulo } p \\ -1 & \text{if } a \text{ is a quadratic nonresidue modulo } p \end{cases} \qquad \text{Equ. (4)}$$

If p is an odd prime, the Jacobi symbol reduces to the Legendre symbol. The Legendre symbols obey the following
identity

$$\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right).$$

In general, $\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \pmod{p}$ if p is an odd prime. For more
details, see (Jones, et.al., 1998).


The ASCII characters are each associated with an integer value, covering symbols, letters, digits, punctuation
marks, special characters and control characters. ASCII is essential for communication systems. The ASCII table
(Karen, et.al. 2012) is presented in “Appendix A”. In mathematics and computer science, the floor function
takes an input x and gives as output the greatest integer which is less than or equal to x. The details can be
found in (Knuth, et.al., 1988). The Mobius function was introduced by the German mathematician August Ferdinand
Mobius in 1832. It has many applications in computer science. For any positive integer n, define μ(n) as the
sum of the primitive n-th roots of unity. It has values in {−1, 0, 1} depending on the factorization of n into
prime factors:

■ μ(n) = 1 if n is a square-free positive integer with an even number of prime factors.

■ μ(n) = −1 if n is a square-free positive integer with an odd number of prime factors.

■ μ(n) = 0 if n has a squared prime factor.

For example, Table 2.2 shows the Mobius function as follows.

Table 2.2: Mobius function interpretation for 10 positive numbers.

n       1    2    3    4    5    6    7    8    9    10
μ(n)    1    1   -1    0   -1   -1   -1    0    0    -1



The Mobius function can alternatively be represented as μ(n) = where δ is the Kronecker delta, λ(n) is the
Liouville function, ω(n) is the number of distinct prime divisors of n, and Ω(n) is the number of prime factors
of n, counted with multiplicity.

Table 2.3: An alternative form of Mobius interpretation for 10 positive numbers.

n                                  1    2    3    4    5    6    7    8    9    10
μ(n) (number of prime factors)     1   -1   -1    0   -1    1   -1    0    0    1



The Mobius function can be 


expressed by 

d\n 


Equ (6) 


For more details about Equ. (6), see (Hardy,et.at, 1990, Klimov, 2001).

Radio frequency identification (RFID) devices have recently been introduced in several applications and
services such as national identification cards, passports, credit cards, etc. Related work covers a passive
RFID reader for two-dimensional localization of tagged objects in the ultra-high frequency band, a software
defined radio (SDR) system for measurements of the minimum activation power and backscatter power of an
ultra-high frequency reader (UHF RFID), and a device conducting RFID eavesdropping using a software defined
radio platform (SDRP). Classical RF attacks can be made on long range transmission protocols; however, we
extend the standard RF attacks to cover RFID communication protocols. For more clarification, see
(Alex,et.al., 2014).

The Jacobi symbol is the quadratic residuosity; it was used to distinguish the roots in the Rabin cryptosystem
when $p \equiv q \equiv 3 \bmod 4$. For primes congruent to 1 modulo 4, the Legendre symbols cannot distinguish
numbers of opposite sign, therefore quadratic residuosity is no longer sufficient to identify the roots. Higher
power residue symbols could be efficient for the desired job, but unfortunately their use is not
straightforward, and analogous reciprocity laws or multiplicative properties are not always at hand. Higher
power residues have been used in some generalizations of the Rabin scheme working in residue rings modulo
non-prime ideals of algebraic number fields. For instance, residue rings in Eisenstein or Gauss fields were
considered, and Rabin-like schemes based on encryption rules involving powers of the message higher than 2 were
introduced. This approach does not address the problem of separating the roots of a quadratic equation in the
classic Rabin scheme. Therefore, it is necessary to look at different kinds of higher order residuosity, which
should allow a reciprocity law and a finite group which does not reveal any information allowing the
factorization of N. An idea is to multiply the exponent and consider the function which would identify the
message among the roots of unity in $\mathbb{Z}_N^*$. This idea would be to make these roots publicly available
and label them so that the sender of the message can tell which of them corresponds to the message actually
sent. But it is necessary to mask them by multiplying by an odd number in order to hide the factors of N, and
most importantly we would find the square roots among the roots of unity.

The multiplicative group $\mathbb{Z}_N^*$, which is a direct product of two cyclic groups $C_{p-1}$ and
$C_{q-1}$, can also be viewed as the direct product of two abelian subgroups, namely a 2-group and a group of
odd order, that is $\mathbb{Z}_N^* = (C_2 \times C_2) \times (C_{2f_p+1} \times C_{2f_q+1})$. Therefore, every
element a of $\mathbb{Z}_N^*$ can be written as a product. The Vierergruppe is a group with four elements in
which each element is self-inverse. It is a non-cyclic group. It is, however, an abelian group and isomorphic to
the dihedral group of order 4. This group consists of three elements and an identity element. For example, the
four roots can be presented as $V_4 = \{1, -1, \psi, -\psi\}$. This theoretical phenomenon would be clearer from
the following tree representation of correct root identification.


[Figure: tree representation of correct root identification]
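
How far the Jacobi symbol goes in separating the four Rabin roots, as an added example (not code from the thesis or from the works it cites). It uses the thesis's roots {13, 20, 57, 64} of 15 modulo 77 and a constructed second case, the roots {2, 28, 37, 63} of 4 modulo 65 = 5·13 with both primes congruent to 1 modulo 4. The parity bit in the tag is an assumption added here, going one step beyond the text.

```python
def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p, by Euler's criterion a^((p-1)/2) mod p."""
    e = pow(a % p, (p - 1) // 2, p)
    return -1 if e == p - 1 else e      # e is 0, 1 or p-1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, computed without factoring n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    sign = 1
    while a:
        while a % 2 == 0:               # (2/n) = -1 exactly when n = 3 or 5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a                     # reciprocity: flip when both are 3 (mod 4)
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0


def root_tags(roots, n):
    """Tag every root with (Jacobi symbol modulo N, parity).

    Both values are computable from the public N alone. The parity bit is an
    assumption of this example: r and N - r always differ in parity because N is odd.
    """
    return {r: (jacobi(r, n), r % 2) for r in roots}


def tags_are_unique(roots, n):
    """True when the two-bit tag singles out each of the roots."""
    tags = root_tags(roots, n)
    return len(set(tags.values())) == len(tags)


# Roots of 15 modulo 77 = 7*11 (thesis example, both primes are 3 mod 4).
ROOTS_77 = [13, 20, 57, 64]
# Constructed sample: roots of 4 modulo 65 = 5*13 (both primes are 1 mod 4).
ROOTS_65 = [2, 28, 37, 63]

if __name__ == "__main__":
    for roots, n in ((ROOTS_77, 77), (ROOTS_65, 65)):
        print(f"N = {n}")
        for r, (j, parity) in root_tags(roots, n).items():
            print(f"  root {r:2d}: Jacobi = {j:+d}, parity = {parity}")
        print("  tags unique:", tags_are_unique(roots, n))
```

For N = 77 the Jacobi symbol splits the roots into the pairs {13, 64} and {20, 57}; for N = 65 all four roots have Jacobi symbol +1, so quadratic residuosity no longer separates them.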



For more details, see (Takagi, et.al., 1997, Frohlich, et.al., 1994, Ireland, et.al., 1998, Lemmermeyer, 2000).
In group theory, two groups are said to be isomorphic if there exists a bijective homomorphism between them. The
group isomorphism theorem is known as the homomorphism theorem. In this research, a practical method has been
described in the context of the Michael O. Rabin cryptosystem working with any pair of primes that can have
acceptable complexity, although it requires a one-way function that might be weaker than factoring. The public
key consists of the two functions. At the encryption stage both are evaluated at the same argument, the message
m, and the minimum information necessary to distinguish their values is delivered together with the encrypted
message. The decryption operations are obvious. The true limitation of this scheme is that the function must be
a one-way function, otherwise two square roots that allow us to factor N can be recovered as in the residuosity
subsection. For more details, see (Wikipedia). The Dedekind sums were introduced by Richard Dedekind. The sum is
denoted by D(a, b, c), and the classical Dedekind sum was denoted by


X (©)(&) 

c modn=1 


Equ. (7) 
The terms on the right of Equ. (7) being the Dedekind sum. For the case a = 1, one often writes
$S(b, c) = D(1, b; c)$. Let C, N be relatively prime and N > 1; then we set the methods of computation based
only on the residue theorem from complex analysis. In mathematics, Dedekind sums are certain sums of products of
a sawtooth function, and are given by a function D of three integer variables. Dedekind introduced them to
express the functional equation of the Dedekind eta function. The well-known classical Dedekind sum is as
follows.


»•>-1 ( e )( 0 ). 

c mod n=l 

and the sawtooth function is as follows. 


Equ. (8) positive integers or coprime 


$$((x)) := \begin{cases} x - \lfloor x \rfloor - \frac{1}{2} & \text{if } x \text{ is not an integer} \\ 0 & \text{otherwise} \end{cases} \qquad \text{Equ. (9)}$$

The symbol ((x)) denotes the well-known sawtooth function of period 1.


The Dedekind sum satisfies different properties, but only a few of them are shown here, because a number of
authors used the Dedekind sum to solve the Michael O. Rabin cryptosystem, which will be clarified at the end
stage of the literature review.

$$c_1 \equiv c_2 \bmod n \Rightarrow S(c_1, n) = S(c_2, n) \qquad \text{Equ. (10)}$$

$$S(-c, n) = -S(c, n) \qquad \text{Equ. (11)}$$

$$S(c, n) + S(n, c) = -\frac{1}{4} + \frac{1}{12}\left(\frac{c}{n} + \frac{1}{cn} + \frac{n}{c}\right) \qquad \text{Equ. (12)}$$

Equ. (10) to Equ. (12) are known as the reciprocity theorem for Dedekind sums.

$$12 n S(c, n) \equiv n + 1 - 2\left(\frac{c}{n}\right) \bmod 8 \qquad \text{Equ. (13)}$$

Equ. (13) holds for odd n; this property connects Dedekind sums and Jacobi symbols. The first three properties
allow us to compute a Dedekind sum by a method that mimics the Euclidean algorithm and has the same efficiency.
In the sequel, we need the following lemma: if $n \equiv 1 \bmod 4$, then for any c relatively prime with n, the
denominator of S(c, n) is odd. In the definition of S(c, n) we can limit the summation to n − 1 because
$((\frac{n}{n})) = 0$; furthermore, from the identity $((-x)) = -((x))$ it follows that
$\sum_{b=1}^{n-1} ((\frac{bc}{n})) = 0$ for every integer c, so we may write the following formula

$$\sum_{b=1}^{n-1} \left(\frac{b}{n} - \frac{1}{2}\right)\left(\frac{bc}{n} - \left\lfloor\frac{bc}{n}\right\rfloor - \frac{1}{2}\right) = \sum_{b=1}^{n-1} \frac{b}{n}\left(\frac{bc}{n} - \left\lfloor\frac{bc}{n}\right\rfloor - \frac{1}{2}\right) \qquad \text{Equ. (14)}$$

since $\frac{bc}{n} - \lfloor\frac{bc}{n}\rfloor$ is never 0, because b < n and c is relatively prime with n by
hypothesis. Equ. (14) can be split into two further summations as follows.

$$\sum_{b=1}^{n-1} \frac{b}{n}\left(\frac{bc}{n} - \left\lfloor\frac{bc}{n}\right\rfloor\right) \qquad \text{Equ. (15)}$$

and its denominator is patently odd, and

$$-\frac{1}{2}\sum_{b=1}^{n-1} \frac{b}{n} = \frac{1 - n}{4} \qquad \text{Equ. (16)}$$


For more details, see (Choi, et.al., 2018, Grosswald, 2009).

The Dirichlet theorem was invented by John Peter Gustav, a German mathematician who contributed to number
theory, Fourier series and mathematical analysis. In number theory, Dirichlet's theorem is called the Dirichlet
prime number theorem, which states that for any two positive coprime integers a and d, there are infinitely many
primes in the corresponding arithmetic progression. Lists of several arithmetic progressions with infinitely
many primes are shown in “Appendix B”, collected from OEIS number sequences. A prime number is a natural number
greater than 1 that cannot be formed by multiplying two smaller natural numbers. Stronger forms of Dirichlet's
theorem state that for any such arithmetic progression the sum of the reciprocals of the prime numbers in the
progression diverges, and that different such arithmetic progressions with the same modulus have approximately
the same proportions of primes. The strong form of Dirichlet's theorem implies a divergent series, that is, an
infinite series that is not convergent: the infinite sequence of the partial sums of the series does not have a
finite limit. For more details see (Vari, 2014).

The forking lemma is any of a number of related lemmas in cryptographic research. This concept was first used by
David Pointcheval and Jacques Stern in "Security proofs for signature schemes," published at Eurocrypt in 1996.
The forking lemma is specified in terms of an adversary that attacks a digital signature scheme instantiated in
the random oracle model. They show that if an adversary can forge a signature with non-negligible probability,
there is a non-negligible probability that the same adversary with the same random tape can create a second
forgery in an attack with a different random oracle. The forking lemma was later generalized by Mihir Bellare
and Gregory Neven. The forking lemma has been used to prove the security of a variety of digital signature
schemes and other random-oracle based cryptographic constructions. The forking lemma is actually a helping
theorem; "lemma" means anything that is received, such as a gift, profit, or a bribe, and a lemma's sole purpose
is to help in proving a theorem or your creative mathematical statements. For many signature schemes, having two
signatures using the same randomness for two different hash values allows recovery of the private key. This is
used in many security proofs by showing that an adversary that forges a valid signature can be coerced through
replaying into producing two signatures of this form. As a consequence, a forgery can be twisted into a key
recovery attack. The technical question is how we can make sure that the forger is going to comply with our
expectations and really forge two signatures for the same randomness. Indeed, in general, nothing forces the
adversary to use its randomness in a simple way. In particular, giving it the same coins and forcing changes to
the messages is not going to achieve the desired goal, because the adversary is allowed to mix the messages
themselves into the randomness used for signing. The key idea is to restart the adversary with the same
randomness, let it run without change until it generates the message $M_0$ that was signed in the first run
together with its randomness, and then force a change on the rest of the run. At this point, in a practical
setting, we could imagine using a fault attack on the hash function. However, in a theoretical model, the change
is achieved by changing the responses of the random oracle that models the hash function on the first query that
involves $M_0$ and all subsequent queries. When we do that, we already know the behavior of the adversary until
$M_0$ is generated and hope that it will forge again on $M_0$ with the same randomness but a different hash
value. This is where the forking lemma comes into play. It is a technical lemma that analyzes the behavior of an
adversary that receives some random values and outputs a pair of values. The result of the forking lemma
concerns the probability of getting two related runs with the same value. More precisely, the forking lemma
makes it possible to use two different random signatures of the same message to solve some underlying hard
problem. A nice proof was given by Bellare and Neven, and it is not too hard to follow. For more details about
the forking lemma, see (Bellare,et.at, 2006).

The Liouville function is denoted by λ(n) and named after Joseph Liouville, who was a French mathematician. It
is an important function in number theory and cryptography. If n is a positive integer, λ(n) is defined as
$\lambda(n) = (-1)^{\Omega(n)}$, where Ω(n) is the number of prime factors of n, counted with multiplicity.


Figure 2.2: Liouville function $\lambda(n) = (-1)^{\Omega(n)}$

LiouvilleLambda(n) gives $\lambda(n) = (-1)^{\Omega(n)}$, where $\lambda$ is completely multiplicative since
$\Omega(n)$ is completely additive, i.e., $\Omega(ab) = \Omega(a) + \Omega(b)$. The number 1 has no prime factors, so
$\Omega(1) = 0$ and therefore $\lambda(1) = 1$. For example, LiouvilleLambda(20) = -1. For details about Figure 2.2,
see (Peter et al., 2013; Drane et al., 2012). A sawtooth wave is shaped like the teeth of a saw, with alternating steep
and gentle slopes. It is used in signal design and wireless communication. By convention, a sawtooth wave ramps
upward and then sharply drops. In the reverse sawtooth wave, the wave ramps downward and then sharply rises. The
following figure clarifies the sawtooth function.

Figure 2.3: A general form of sawtooth function for Dedekind Sum


It is considered an asymmetric triangle wave. Sawtooth waves are used in music. In cryptography, however, we are
only concerned with the general idea of the sawtooth function as used in the Dedekind sum, because the real message
can be retrieved using one of the properties of the Dedekind sum. The Rabin cryptosystem can be implemented with
the Dedekind sum, which uses a product of sawtooth functions. For more details, see (Rademacher et al., 1972).


2.2 Michael O. Rabin Cryptosystem 


The Michael O. Rabin cryptosystem is an asymmetric cryptographic technique. The following encryption and
decryption algorithms are taken from (Menezes et al., 1997). It uses the 4k+3 prime formation where
k = 0, ..., N-1. There are different variants of the Rabin cipher, which are illustrated below.


2.2.1 Cipher Variant-1 

Algorithm for key generation: 

Each entity creates a public key and a corresponding private key. The entity A should do the following: 

■ Generate two large random and distinct primes p and q, each roughly the same size. 

■ Compute n = p * q. 

■ A’s public key is n; A’s private key is (p, q). 

Algorithm for Encryption: 

To encrypt a message m for A, B should obtain A’s authentic public key n and then represent the message as an
integer m in the range {0, 1, ..., n - 1}. B computes $c = m^2 \bmod n$ and sends the ciphertext c to A.

Algorithm for Decryption:
An entity A finds the four square roots $m_1$, $m_2$, $m_3$ and $m_4$ of c modulo n. The message sent was either
$m_1$, $m_2$, $m_3$ or $m_4$. A decides which one of them is the desired plaintext by checking for the replicated
bits. The computation steps are as follows.

Step-1: Use the extended Euclidean algorithm to find integers $Y_p$ and $Y_q$ satisfying $p \cdot Y_p + q \cdot Y_q = 1$.

Step-2: Compute $M_p = c^{(p+1)/4} \bmod p$.

Step-3: Compute $M_q = c^{(q+1)/4} \bmod q$.

Step-4: Compute $x = (Y_p \cdot p \cdot M_q + Y_q \cdot q \cdot M_p) \bmod n$.

Step-5: Compute $y = (Y_p \cdot p \cdot M_q - Y_q \cdot q \cdot M_p) \bmod n$.

The four square roots are $x$, $-x$, $y$ and $-y$ (modulo n).

A workout example: The communication between two parties starts with key generation. For example, entity
A chooses the primes p = 277, q = 331, and computes n = p · q = 91687. A’s public key is n = 91687, while A’s
private key is (p = 277, q = 331). A then declares the public key to the other party, who uses the public key n to
encrypt a message and sends it to entity A. After that, entity A decrypts the message with its private key. The
process of encryption and decryption is as follows.

Encryption: Suppose the last six bits of original messages are required to be replicated prior to encryption. In
order to encrypt the 10-bit message m = 1001111001, B replicates the last six bits of m to obtain the 16-bit message
m = 1001111001111001, which in decimal notation is m = 40569. B then computes
$c = m^2 \bmod n = 40569^2 \bmod 91687 = 62111$ and sends this to A.

Decryption: To decrypt c, A uses the aforesaid algorithm and her knowledge of the factors of n to compute the four
square roots of c mod n: $m_1$ = 69654, $m_2$ = 22033, $m_3$ = 40569, $m_4$ = 51118, which in binary are
$m_1$ = 10001000000010110, $m_2$ = 101011000010001, $m_3$ = 1001111001111001, $m_4$ = 1100011110101110. Since
only $m_3$ has the required redundancy, A decrypts c to $m_3$ and recovers the original message m = 1001111001.


2.2.2 Cipher Variant-2 

Rabin’s Cryptosystem is composed of Key Setup, Encryption and Decryption. The following variant is for large
prime calculation outside the prime formation of 4k+3.

Step-1: First choose a random number $b \in \mathbb{Z}_p$ until $b^2 - 4a$ is a quadratic non-residue modulo p, i.e.,
$\left(\frac{b^2 - 4a}{p}\right) = -1$.

By the condition on $b^2 - 4a$, f is irreducible. Therefore $R = \mathbb{Z}_p[x]/(f(x))$ is isomorphic to
$\mathbb{F}_{p^2}$, the finite field of order $p^2$. Write $\xi$ for the image of x in R. Over R we have
$f(x) = (x - \xi)(x - \xi^p)$, so that $\xi^{p+1} = a$ in R. Therefore $\xi^{(p+1)/2} \in \mathbb{Z}_p \subset R$.

Step-2: Let f be the polynomial $x^2 - bx + a$ in $\mathbb{Z}_p[x]$. The b is picked randomly in the range (0, ..., p).
Similarly, let f be the polynomial $x^2 - bx + a$ in $\mathbb{Z}_q[x]$, where b is picked randomly in the range
(0, ..., q). [x] is a quadratic reciprocity.

Step-3: Compute $r = x^{(p+1)/2} \bmod f$ and $r = x^{(q+1)/2} \bmod f$ using the algorithm (note: r will be an integer).

Step-4: Return (r, -r). Note: r = residue; r is computed using polynomial arithmetic modulo the polynomial f.

Note: One of several ways to compute the Legendre symbol $\left(\frac{a}{p}\right)$ is as $a^{(p-1)/2} \bmod p$, with
the result p-1 replaced by -1.

A workout example: 

According to congruence law, if $m^2 = a \bmod N$ where N = p * q = 2173,
$m^2 = a_p \bmod p$, now compute $a_p = 1945 \bmod 41 = 18$,
$m^2 = a_q \bmod q$, now compute $a_q = 1945 \bmod 53 = 37$.

Let b = 2: $(b^2 - 4a)^{(p-1)/2} \bmod 41 = (2^2 - 4 \cdot 18)^{20} \bmod 41$
$= (-68)^{20} \bmod 41 = ((41 \cdot 2) - 68)^{20}$
$= 14^{20} = (14^5)^4 \bmod 41 = 40$,

That is p - 1 because 41 - 1 = 40, hence the choice b = 2 verifies that
$\left(\frac{b^2 - 4a}{p}\right) = -1$ and we stick to it. So (p-1) is replaced by -1. Now, we set the polynomial for
$\mathbb{Z}_p$.

$f = x^2 - bx + a \bmod 41 = x^2 - 2x + 18 \bmod 41 = x^2 + (41 - 2)x + 18 \bmod 41 = x^2 + 39x + 18 \bmod 41$.
x is a variable of a polynomial and it has no particular value. Now compute $x^{(p+1)/2} \bmod f$, that is
$x^{21} \bmod f$. The binary representation of $21_{(10)}$ is $10101_{(2)}$.

Note: Easy binary conversion.

Step-1: Divide 21 by 2 until the quotient is 1, ignoring the remainder.

Step-2: Set even number = 0 and odd number = 1.

Division        = 1  2  5  10  21

Binary settings = 1  0  1  0   1

Now compute left-to-right binary exponentiation. $x^k$ can be raised in the following way, just like point addition
and point doubling: start from $x^1$, then square and move to the next bit (if the next bit is the additive identity,
that will be added and the pointer points to that one; else if the next bit is the multiplicative identity, that will
be multiplied).

Hence we can write 10101 = $x^2, x^4, x^5, x^{10}, x^{20}, x^{21} \bmod f$
Now compute all $x^k \bmod f$ over $\mathbb{Z}_{41}$.

Step-1: $x^2 \bmod f$ over $\mathbb{Z}_{41}$. Dividing $x^2$ by $x^2 + 39x + 18$ gives quotient 1 and remainder

$-39x - 18 \bmod 41$
$= (41 - 39)x + 41 - 18$
$= 2x + 23$

Since $-39x - 18$ goes beyond the limit of $\mathbb{Z}_{41}$, we need to turn it back to the limit:
$-39x = (41 - 39)x = 2x$ and $-18 = 41 - 18 = 23$

Step-2: $x^4 \bmod f$ over $\mathbb{Z}_{41}$ $= (x^2)^2 \bmod (x^2 + 39x + 18) \bmod 41$.

$(2x + 23)^2 \bmod (x^2 + 39x + 18)$ over $\mathbb{Z}_{41}$
$= 4x^2 + 92x + 529 \bmod (x^2 + 39x + 18)$
$= 4x^2 + 10x + 37 \bmod (x^2 + 39x + 18)$

Dividing $4x^2 + 10x + 37$ by $x^2 + 39x + 18$ gives quotient 4; subtracting $4x^2 + 156x + 72$ leaves the remainder

$-146x - 35 \bmod 41$
$= ((41 \cdot 4) - 146)x + 41 - 35$
$= 18x + 6$
Hence $x^4 = 18x + 6$

Since $92x + 529$ goes beyond the limit of $\mathbb{Z}_{41}$, we need to turn it back to the limit:
$(92 - 41 \cdot 2)x + 529 - 41 \cdot 12 = 92x - 82x + 529 - 492 = 10x + 37 \bmod 41$. Similarly,
$-146x - 35 = ((41 \cdot 4) - 146)x + 41 - 35 = 18x + 6$

Step-3: $x^5 \bmod f$ over $\mathbb{Z}_{41}$ $= x \cdot x^4 \bmod (x^2 + 39x + 18) \bmod 41 = (18x + 6)x = 18x^2 + 6x$

Dividing $18x^2 + 6x$ by $x^2 + 39x + 18$ gives quotient 18; subtracting $18x^2 + 702x + 324$ leaves the remainder

$-696x - 324 \bmod 41$
$= ((41 \cdot 17) - 696)x + (41 \cdot 18) - 324$
$= 697x - 696x + 328 - 324$
$= x + 4$, hence $x^5 = x + 4$

Step-4: $x^{10} \bmod f$ over $\mathbb{Z}_{41}$ $= (x^5)^2 \bmod f \bmod 41 = x^2 + 8x + 16 \bmod (x^2 + 39x + 18)$

Dividing $x^2 + 8x + 16$ by $x^2 + 39x + 18$ gives quotient 1; subtracting $x^2 + 39x + 18$ leaves the remainder

$-31x - 2 \bmod 41$
$= (41 - 31)x + 41 - 2$
$= 10x + 39$
Hence $x^{10} = 10x + 39$

Step-5: $x^{20} \bmod f$ over $\mathbb{Z}_{41}$ $= (x^{10})^2 \bmod f \bmod 41 = 100x^2 + 780x + 1521 \bmod f$ over
$\mathbb{Z}_{41}$. Since $100x^2 + 780x + 1521$ goes beyond the limit of $\mathbb{Z}_{41}$ (that means I went to the
future and need to go back to the present): $(100 - 82)x^2 + (780 - 41 \cdot 19)x + 1521 - (41 \cdot 37) = 18x^2 + x + 4
\bmod (x^2 + 39x + 18)$ over $\mathbb{Z}_{41}$

Dividing $18x^2 + x + 4$ by $x^2 + 39x + 18$ gives quotient 18; subtracting $18x^2 + 702x + 324$ leaves the remainder

$-701x - 320 \bmod 41$
$= (738 - 701)x + 328 - 320$
$= 37x + 8$,
hence $x^{20} = 37x + 8$

Step-6: $x^{21} \bmod f$ over $\mathbb{Z}_{41}$ $= x^{20} \cdot x \bmod f \bmod 41 = (37x + 8)x = 37x^2 + 8x \bmod f$ over
$\mathbb{Z}_{41}$

Dividing $37x^2 + 8x$ by $x^2 + 39x + 18$ gives quotient 37; subtracting $37x^2 + 1443x + 666$ leaves the remainder

$-1435x - 666 \bmod 41$
$= ((41 \cdot 35) - 1435)x + 697 - 666$
$= 0 + 31$

Finally the x term has vanished (surprisingly), leaving the constant term 31. Thus $m^2 = a_p \bmod 41$, $a_p = 31$ and
$-a_p = 41 - 31 = 10$ (additive inverse). Let $a_{p_1} = 31$, $a_{p_2} = 10$. Analogously, we now set the polynomial
for $\mathbb{Z}_q$; before that we need to choose a random value b in (0, ..., q) for which we get another quadratic
non-residue. Previously the condition was fulfilled by b = 2. Now we need to choose a different one rather than 2.
Assuming b = 4, i.e., $(b^2 - 4a)^{(q-1)/2} \bmod 53 = (16 - 4 \cdot 37)^{26} \bmod 53 = (16 - 148)^{26} \bmod 53$

$= ((53 \cdot 3) - 132)^{26} = (27)^{26} = (27^6)^4 \cdot 27^2 \bmod 53 = 49 \cdot 40 \bmod 53 = 52$, that is q-1 because
53-1 = 52, hence the choice b = 4 verifies that $\left(\frac{b^2 - 4a}{q}\right) = -1$ and we stick to it. So (q-1) is
replaced by -1. Now, we set the polynomial for $\mathbb{Z}_q$.

$f = x^2 - bx + a_q \bmod q = x^2 - 4x + 37 \bmod 53 = x^2 + 49x + 37 \bmod 53$. x is a variable of a polynomial and it
has no particular value.
Now compute $x^{(q+1)/2} \bmod f = x^{(53+1)/2} \bmod f$, that is $x^{27} \bmod f$. The binary representation of
$27_{(10)}$ is $11011_{(2)}$. The following is an easy binary conversion technique.

Step-1: Divide 27 by 2 until the quotient is 1, ignoring the remainder.

Step-2: Set even number = 0 and odd number = 1.

Division        = 1  3  6  13  27

Binary settings = 1  1  0  1   1

Now compute left-to-right binary exponentiation (rules for moving from one pointer to another).

Step-1: Start from the leftmost bit $x^1$ and square it ($x^2$).

Step-2: Now move forward bit by bit: if the upcoming bit is the additive identity (0), addition will be
performed ($x^{2+0}$), meaning that the squared term is unchanged; else if the upcoming bit is the multiplicative
identity (1), multiplication will be performed ($x^2 \cdot x = x^3$). Continue likewise up to the final bit.

Hence we can write 11011 = $x^2, x^3, x^6, x^{12}, x^{13}, x^{26}, x^{27} \bmod f$

Now compute all $x^k \bmod f$ over $\mathbb{Z}_{53}$.

Step-1: $x^2 \bmod f$ over $\mathbb{Z}_{53}$. Dividing $x^2$ by $x^2 + 49x + 37$ gives quotient 1 and remainder

$-49x - 37 \bmod 53$
$= (53 - 49)x + 53 - 37$
$= 4x + 16$

Hence $x^2 = 4x + 16 \pmod{53}$

Since $-49x - 37$ goes beyond the limit of $\mathbb{Z}_{53}$, we need to turn it back to the limit. That means we are
out of range, so we need to add something to move back inside the boundary.

Step-2: $x^3 \bmod f$ over $\mathbb{Z}_{53}$ $= (4x + 16)x = 4x^2 + 16x \bmod (x^2 + 49x + 37) \bmod 53$

Dividing $4x^2 + 16x$ by $x^2 + 49x + 37$ gives quotient 4; subtracting $4x^2 + 196x + 148$ leaves the remainder

$-180x - 148 \bmod 53$
$= (212 - 180)x + 159 - 148$
$\therefore x^3 = 32x + 11 \pmod{53}$

Step-3: $x^6 \bmod f$ over $\mathbb{Z}_{53}$ $= (32x + 11)^2 = 1024x^2 + 704x + 121 \bmod (x^2 + 49x + 37) \bmod 53
= 17x^2 + 15x + 15 \bmod f \bmod 53$

Dividing $17x^2 + 15x + 15$ by $x^2 + 49x + 37$ and subtracting $17x^2 + 833x + 629$ leaves the remainder

$-818x - 614 \bmod 53$

$x^6 = 30x + 22 \pmod{53}$

Step-4: $x^{12} \bmod f$ over $\mathbb{Z}_{53}$ $= (30x + 22)^2 = 900x^2 + 1320x + 484 \bmod (x^2 + 49x + 37) \bmod 53$

$= (900 - 848)x^2 + (1320 - 1272)x + 484 - 477 = 52x^2 + 48x + 7$

Dividing $52x^2 + 48x + 7$ by $x^2 + 49x + 37$ gives quotient 52; subtracting $52x^2 + 2548x + 1924$ leaves the remainder

$-2500x - 1917 \bmod 53$

$x^{12} = 44x + 44 \pmod{53}$

Step-5: $x^{13} \bmod f$ over $\mathbb{Z}_{53}$ $= (44x + 44)x = 44x^2 + 44x \bmod (x^2 + 49x + 37) \bmod 53$

Dividing $44x^2 + 44x$ by $x^2 + 49x + 37$ and subtracting $44x^2 + 2156x + 1628$ leaves the remainder

$-2112x - 1628 \bmod 53$

$x^{13} = 8x + 15 \pmod{53}$

Step-6: $x^{26} \bmod f$ over $\mathbb{Z}_{53}$ $= (8x + 15)^2 = 64x^2 + 240x + 225 \bmod (x^2 + 49x + 37) \bmod 53$
$= (64 - 53)x^2 + (240 - 212)x + 225 - 212 = 11x^2 + 28x + 13 \bmod (x^2 + 49x + 37) \bmod 53$

Dividing $11x^2 + 28x + 13$ by $x^2 + 49x + 37$ and subtracting $11x^2 + 539x + 407$ leaves the remainder

$-511x - 394 \bmod 53$
$x^{26} = 19x + 30 \pmod{53}$

Step-7: $x^{27} \bmod f$ over $\mathbb{Z}_{53}$ $= (19x + 30)x = 19x^2 + 30x \bmod (x^2 + 49x + 37) \bmod 53$

Dividing $19x^2 + 30x$ by $x^2 + 49x + 37$ gives quotient 19; subtracting $19x^2 + 931x + 703$ leaves the remainder

$-901x - 703 \bmod 53$
$= ((53 \cdot 17) - 901)x + 39 \pmod{53}$
$x^{27} = 0 + 39 \pmod{53}$

Finally the x term has vanished (surprisingly), leaving the constant term 39. Thus $m^2 = a_q \bmod 53$, $a_q = 39$ and
$-a_q = 53 - 39 = 14$ (additive inverse). Let $a_{q_1} = 39$, $a_{q_2} = 14$. Now we have to calculate the Bezout
coefficients for q = 53 and p = 41 by using the extended Euclidean algorithm. Hence, x = -17, y = 22. This means that
-17 is the inverse of y, (41 - 17) = 24, and 22 is the inverse of x; hence, u = 24, v = 22. Now, using the Chinese
remainder theorem, we have to calculate the four conjugate roots (R). The coefficients are the Bezout coefficients,
which come from the inversion technique (recursively); that is why the quadratic residues modulo p and modulo q are
used recursively in the Chinese remainder theorem. CRT = (Bezout coefficient$_1$ * private key$_1$ * square root$_2$ +
Bezout coefficient$_2$ * private key$_2$ * square root$_1$) mod N. As we know, a square root is $\pm$, which means that
the formula must be used twice, once for the positive root and once for the negative root, and therefore the CRT is as
follows.

$R_1 = \{(y \cdot p \cdot a_{q_1}) + (x \cdot q \cdot a_{p_1})\} \bmod 2173$
$= 22 \cdot 41 \cdot 39 - 17 \cdot 53 \cdot 31 = 35178 - 27931 = 7247 \bmod 2173 = 728$
$R_2 = -R_1 \bmod 2173 = 2173 - 728 = 1445$
$R_3 = \{(y \cdot p \cdot a_{q_2}) - (x \cdot q \cdot a_{p_2})\} \bmod 2173$
$= 22 \cdot 41 \cdot 14 + 17 \cdot 53 \cdot 10 = 12628 + 9010 = 21638 \bmod 2173 = 2081$
$R_4 = -R_3 \bmod 2173 = 2173 - 2081 = 92$

Therefore the intended message is one of the four roots (728, 1445, 2081, 92). Identifying the right one among the
four roots is quite tricky. However, it could be solved by parity bit selection or the bit replication technique. The
message can be identified among the four roots by choosing the root $R_1$, $R_2$, $R_3$ or $R_4$ that satisfies
= ±1 mod 53 and = ±2 mod 41.
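The Variant-2 procedure above, written out as an added example (it is not code from the paper): it computes $x^{(p+1)/2} \bmod f$ with the same left-to-right square-and-multiply schedule and then combines the residues with the CRT. The function names are chosen here for illustration; the inputs are the walk-through's values (a = 1945, p = 41 with b = 2, q = 53 with b = 4).

```python
# Added example (not from the paper): square roots modulo a prime via
# x^((p+1)/2) mod (x^2 - b*x + a), then CRT for the four roots modulo N = p*q.

def legendre(a, p):
    """Legendre symbol (a/p) by Euler's criterion; the result p-1 is mapped to -1."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def mul_mod_f(u, v, a, b, p):
    """(u1*x + u0) * (v1*x + v0) mod f = x^2 - b*x + a over Z_p.

    Polynomials are (c1, c0) pairs; the reduction uses x^2 = b*x - a (mod f).
    """
    u1, u0 = u
    v1, v0 = v
    top = u1 * v1                                   # coefficient of x^2
    return ((u1 * v0 + u0 * v1 + b * top) % p, (u0 * v0 - a * top) % p)


def sqrt_mod_prime(a, p, b):
    """Return (r, trace) with r*r = a (mod p); trace[k] is x^k mod f as (c1, c0).

    b must make b^2 - 4a a quadratic non-residue mod p, so that f is irreducible.
    """
    if legendre(b * b - 4 * a, p) != -1:
        raise ValueError("b^2 - 4a is not a quadratic non-residue mod p")
    x = (1, 0)                                      # the polynomial x
    acc, k, trace = x, 1, {}
    for bit in bin((p + 1) // 2)[3:]:               # bits after the leading 1
        acc, k = mul_mod_f(acc, acc, a, b, p), 2 * k          # square
        trace[k] = acc
        if bit == "1":
            acc, k = mul_mod_f(acc, x, a, b, p), k + 1        # multiply by x
            trace[k] = acc
    c1, c0 = acc
    if c1 != 0:                                     # x term survives: a is a non-residue
        raise ValueError("a has no square root mod p")
    return c0, trace


def rabin_roots(c, p, bp, q, bq):
    """All four square roots of c modulo N = p*q for distinct odd primes p, q."""
    n = p * q
    rp, _ = sqrt_mod_prime(c % p, p, bp)
    rq, _ = sqrt_mod_prime(c % q, q, bq)
    ep = q * pow(q, -1, p)                          # 1 mod p, 0 mod q
    eq = p * pow(p, -1, q)                          # 0 mod p, 1 mod q
    return sorted({(sp * ep + sq * eq) % n
                   for sp in (rp, p - rp) for sq in (rq, q - rq)})


if __name__ == "__main__":
    r, trace = sqrt_mod_prime(18, 41, 2)            # the Z_41 walk-through
    for k, (c1, c0) in trace.items():
        print(f"x^{k} = {c1}x + {c0} (mod f, mod 41)")
    print(rabin_roots(1945, 41, 2, 53, 4))          # the N = 2173 example
```

The trace reproduces each intermediate polynomial of the long divisions, and the choice of b only has to satisfy the non-residue test; any other valid b yields the same pair of roots modulo the prime.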


2.2.3 Existing Research on Rabin Cipher 

Many surveys have been dedicated to Rabin’s cryptosystem. Recently, various modifications of Rabin’s
cryptosystem have been published in different scientific journals (Hardy, et al., 1971), Identification Scheme using
biquadratic residuosity. A Rabin scheme working with primes p=7 and q=11 congruent to 3 modulo 4 can be defined
considering the decomposition N — vv with v — n 1 n 2 being the product of two primary factors of p and q 
respectively. 


A worked out example: the public key V, message (m) = 13,
Encrypted message $\{C, b_0, b_1\}$ where $C = m^2 \bmod N = 15$, $b_0 = m \bmod 2 = 1$,



ea ij 

e {—l, —i} 


= lx - lx - 


1 = 1 


Equ. (17) 
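Decryption Stage: According to congruence law, steps (1, 2) are computed.

Step-1: $\frac{N}{p} V_1 \equiv 1 \bmod 7 \rightarrow 11 V_1 \equiv 1 \bmod 7 \rightarrow 2 V_1 \equiv 1 \bmod 7 \rightarrow V_1 = 2$
Step-2: $\frac{N}{q} V_2 \equiv 1 \bmod 11 \rightarrow 7 V_2 \equiv 1 \bmod 11 \rightarrow (-3) V_2 \equiv 1 \bmod 11 \rightarrow V_2 = 8$

The following root computation runs in deterministic polynomial time because the Blum prime formation is
considered in this example.

$a_1 = C^{(p+1)/4} \bmod p = 15^2 \bmod 7 = 1$
$a_2 = C^{(q+1)/4} \bmod q = 15^3 \bmod 11 = 9$
[+ +]

$a_3 = p - a_1 = 7 - 1 = 6$, inverse of $a_1$
$a_4 = q - a_2 = 11 - 9 = 2$, inverse of $a_2$
[- -]

Now, according to the CRT, the four roots of unity are computed below.

Step-1: [+ +] $x \equiv 1 \bmod 7$ and $x \equiv 9 \bmod 11$

$x_1 = \left\{a_1 \cdot V_1 \cdot \frac{N}{p} + a_2 \cdot V_2 \cdot \frac{N}{q}\right\} \bmod N$
$= \left\{1 \cdot 2 \cdot \frac{77}{7} + 9 \cdot 8 \cdot \frac{77}{11}\right\} \bmod 77 = 526 \bmod 77 = 64$

Step-2: [- +] $x \equiv 6 \bmod 7$ and $x \equiv 9 \bmod 11$

$x_2 = \left\{a_3 \cdot V_1 \cdot \frac{N}{p} + a_2 \cdot V_2 \cdot \frac{N}{q}\right\} \bmod N$
$= \left\{6 \cdot 2 \cdot \frac{77}{7} + 9 \cdot 8 \cdot \frac{77}{11}\right\} \bmod 77 = 636 \bmod 77 = 20$

Step-3: [+ -] $x \equiv 1 \bmod 7$ and $x \equiv 2 \bmod 11$

$x_3 = \left\{a_1 \cdot V_1 \cdot \frac{N}{p} + a_4 \cdot V_2 \cdot \frac{N}{q}\right\} \bmod N$
$= \left\{1 \cdot 2 \cdot \frac{77}{7} + 2 \cdot 8 \cdot \frac{77}{11}\right\} \bmod 77 = 134 \bmod 77 = 57$

Step-4: [- -] $x \equiv 6 \bmod 7$ and $x \equiv 2 \bmod 11$

$x_4 = \left\{a_3 \cdot V_1 \cdot \frac{N}{p} + a_4 \cdot V_2 \cdot \frac{N}{q}\right\} \bmod N$
$= \left\{6 \cdot 2 \cdot \frac{77}{7} + 2 \cdot 8 \cdot \frac{77}{11}\right\} \bmod 77 = 244 \bmod 77 = 13$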
Choose two roots specified by bo those are (X3, X4). Now compute quartic residues as follows 


lrl = 1 x m-1 = 0 

ft- [t] 4 -[S1,-[t] 4 ["Hi [J 4 If], = 1 x - 1 X -1 = 1 
Now $D_2$ is equivalent to $b_1$. So the root $X_4 = 13$ is the originally decrypted message.

(Williams, 1998) proposed an implementation of the Rabin cryptosystem in 1980 using a parity bit and the Jacobi 
symbol. The decryption processes based on the observation is as follows. 


D= 1 - (p—l)*(q—1) 

2 ^ 4 


+ 1), if b = a 2 mod N and (j^j = 1, we have b D = a (-j = a (-j, given that a( = (a \|/1 + a 


V 2 )^ = a( ^) v|/j + a( v|/ 2 = (^ ) Vi + (^ ) v|/ 2 = 0 = (^), as (^) = a V mod P’(“) = a V mod q 


Public key: N, S, where S is an integer such that the Jacobi symbol $\left(\frac{S}{N}\right) = -1$

Encrypted message: $C, c_1, c_2$, where $c_1 = \frac{1}{2}\left\{1 - \left(\frac{m}{N}\right)\right\}$, $m_1 = m \cdot S^{c_1} \bmod N$,
$c_2 = m_1 \bmod 2$, and $C = m_1^2 \bmod N$.

A workout example: 

Decryption stage: The receiver computes $m' = C^D \bmod N$ and $m'' = N - m'$, and chooses between these two roots
the one with the parity specified by $c_2$. The original message is recovered as opposite of $m = S^{c_1} m''$.
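The Williams-style variant just described, as an added example that is not code from the paper or from Williams: the Jacobi symbol fixes $c_1$, the parity bit $c_2$ picks between $m'$ and $N - m'$, and the factor $S^{c_1}$ is divided out at the end. It is checked against the values used in the walk-through (p = 7, q = 11, S = 2, m = 54); the function names and the restriction to messages coprime to N are assumptions of this sketch.

```python
# Added example (not from the paper): Rabin with parity bit and Jacobi symbol.
from math import gcd


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0, by the binary reciprocity algorithm."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:                  # pull out factors of 2: (2/n)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                        # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def keygen(p, q, s):
    """Public (N, S) and private D = ((p-1)(q-1)/4 + 1)/2 for p = q = 3 (mod 4)."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be 3 mod 4")
    n = p * q
    if jacobi(s, n) != -1:
        raise ValueError("S must have Jacobi symbol -1 modulo N")
    return n, s, ((p - 1) * (q - 1) // 4 + 1) // 2


def encrypt(m, n, s):
    """Return (c1, c2, C) for a message m coprime to N."""
    if gcd(m, n) != 1:
        raise ValueError("message must be coprime to N")
    c1 = (1 - jacobi(m, n)) // 2           # 0 if (m/N) = 1, 1 if (m/N) = -1
    m1 = m * pow(s, c1, n) % n             # now (m1/N) = 1
    return c1, m1 % 2, m1 * m1 % n


def decrypt(c1, c2, c, n, s, d):
    """Recover m: C^D = +/- m1 (mod N), parity selects m1, then divide out S^c1."""
    m_prime = pow(c, d, n)
    m1 = m_prime if m_prime % 2 == c2 else n - m_prime
    return m1 * pow(s, -c1, n) % n         # modular inverse needs Python 3.8+


if __name__ == "__main__":
    N, S, D = keygen(7, 11, 2)
    ct = encrypt(54, N, S)
    print(ct, decrypt(*ct, N, S, D))
```

Because N is odd, $m'$ and $N - m'$ always differ in parity, so $c_2$ removes the sign ambiguity; $c_1$ removes the remaining one by forcing the squared value to have Jacobi symbol 1.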

Step 1: Suppose Alice and Bob are communicating with each other by exchanging messages. First Alice chooses two
random prime numbers p=7 and q=11 according to $p \equiv q \equiv 3 \bmod 4$ privately and calculates the public key
N = 7 · 11 = 77 and the secret key $D = \frac{1}{2}\left(\frac{(7-1)(11-1)}{4} + 1\right) = \frac{1}{2}(15 + 1) = 8$.
After that she chooses S such that $\left(\frac{S}{N}\right) = -1$. Let S = 2, with
$\left(\frac{2}{77}\right) = \left(\frac{2}{7}\right)\left(\frac{2}{11}\right) = -1$. Now Alice publicizes the two
public keys {77, 2}, keeping D as a private key in her pocket.
Step 2: Now Bob wants to send the message (m) = 54 to Alice. First, he computes
$c_1 = \frac{1}{2}\left\{1 - \left(\frac{54}{77}\right)\right\} = \frac{1}{2}\left\{1 - \left(\frac{54}{7}\right)\left(\frac{54}{11}\right)\right\} = 0$,
$m_1 = 2^0 \cdot 54 \bmod 77 = 54$, $c_2 = 54 \bmod 2 = 0$, and
$C = 54^2 \bmod 77 = 67$, and then he sends the tuple (0, 0, 67) as ciphertext to Alice.
Step 3: $m' = C^D \bmod N = ((67)^4)^2 \bmod 77 = 23$, $m'' = N - m' = 77 - 23 = 54$.
The original message is 54 because the parity bit sent by Bob is even, which is why the message must be even. William’s


Scheme work if and only if 



= 1 and 


— 1. This scheme does not have solution of same quadratic residue 


too. Another simple variant is as follows. 


Encryption Message: $(C, b_0, b_1)$. Let the private keys be p = 19 and q = 31,

Message (M) = 65 = A (ASCII). Public key N = 589
$C = 65^2 \bmod 589 = 102$, $b_0 = M \bmod 2 = 1$, $b_1 = \frac{1}{2}\left[1 + \frac{M}{N}\right] = 0.5552$
A sends the triplet (102, 1, 0.5552) to B.

Decryption: B’s private keys p = 19 and q = 31 are predefined.

After getting the response from entity A, B computes as follows.

$M_p = C^{(p+1)/4} \bmod p = 102^5 \bmod 19 = 102^2 \cdot 102^3 \bmod 19 = 11$

$M_q = C^{(q+1)/4} \bmod q = 102^8 \bmod 31 = 28$

$\lambda_1 \cdot 19 + \lambda_2 \cdot 31 = 1$ and GCD(31, 19) = 1. Applying the extended Euclidean algorithm, find
$\lambda_1 = -13$, $\lambda_2 = 8$; then, applying the Chinese remainder theorem, the four roots can be calculated
in the following way.

$X_1 = (-13 \cdot 19 \cdot 28 + 8 \cdot 31 \cdot 11) \bmod 589$
$= (-6916 + 2728) \bmod 589 = 4712 - 4188 = 524$
$X_2 = N - X_1 = 589 - 524 = 65$
$X_3 = (-13 \cdot 19 \cdot 28 - 8 \cdot 31 \cdot 11) \bmod 589$
$= (-6916 - 2728) \bmod 589$
$= 10013 - 9644 = 369$
$X_4 = N - X_3 = 589 - 369 = 220$

Now the two roots $(X_2, X_3)$ specified by $b_0$ are selected and two equations are calculated:

$R_1 = \frac{1}{2}\left[1 + \frac{X_2}{N}\right] = 0.5552$

$R_2 = \frac{1}{2}\left[1 + \frac{X_3}{N}\right] = 0.8132$

Now Bob matches $R_1$ and $R_2$ with $b_1$. Since $b_1 = R_1$, the original message is $X_2 = 65$.


Alternatively, the following approach can be applied.

$M_p = C^{(p+1)/4} \bmod p = 102^5 \bmod 19 = 102^2 \cdot 102^3 \bmod 19 = 11$

$M_q = C^{(q+1)/4} \bmod q = 102^8 \bmod 31 = 28$

For $u_p$, $u_q$:
$-M_p \bmod p = 19 - 11 = 8 \bmod 19 = 8$,
$-M_q \bmod q = 31 - 28 = 3 \bmod 31 = 3$

$\frac{n}{p} \cdot v_1 \equiv 1 \bmod p \rightarrow 31 \cdot v_1 \equiv 1 \bmod 19 \rightarrow v_1 = 8$

$\frac{n}{q} \cdot v_2 \equiv 1 \bmod q \rightarrow 19 \cdot v_2 \equiv 1 \bmod 31 \rightarrow v_2 = 18$

Finally, by applying the Chinese remainder theorem, the four square roots have to be computed, and the system of
congruences $x = u_i \cdot v_i \cdot \frac{n}{n_i}$ is as follows:

Step-1: $x \equiv 11 \bmod 19$ and $x \equiv 28 \bmod 31$:

$x = \left(u_p \cdot v_1 \cdot \frac{n}{p} + u_q \cdot v_2 \cdot \frac{n}{q}\right) \bmod N$
$= (11 \cdot 8 \cdot 31 + 28 \cdot 18 \cdot 19) \bmod 589$
$= 12304 \bmod 589$
$= 524$

Step-2: $x \equiv 8 \bmod 19$ and $x \equiv 28 \bmod 31$:

$x = \left(u_p \cdot v_1 \cdot \frac{n}{p} + u_q \cdot v_2 \cdot \frac{n}{q}\right) \bmod N$
$= (8 \cdot 8 \cdot 31 + 28 \cdot 18 \cdot 19) \bmod 589$
$= 11560 \bmod 589$
$= 369$

Step-3: $x \equiv 11 \bmod 19$ and $x \equiv 3 \bmod 31$:

$x = \left(u_p \cdot v_1 \cdot \frac{n}{p} + u_q \cdot v_2 \cdot \frac{n}{q}\right) \bmod N$
$= (11 \cdot 8 \cdot 31 + 3 \cdot 18 \cdot 31) \bmod 589$
$= 4402 \bmod 589$
$= 279$

Step-4: $x \equiv 8 \bmod 19$ and $x \equiv 3 \bmod 31$:

$x = \left(u_p \cdot v_1 \cdot \frac{n}{p} + u_q \cdot v_2 \cdot \frac{n}{q}\right) \bmod N$
$= (8 \cdot 8 \cdot 31 + 3 \cdot 18 \cdot 19) \bmod 589 = 3010 \bmod 589 = 65$
Finally, the original message must be among 524, 369, 279 and 65. As $b_0 = 1$,
we take the 2 roots specified by $b_0$, as x = 67, y = 181.


$r = \frac{1}{2}\left[1 + \frac{x}{n}\right] = \frac{1}{2}\left[1 + \frac{67}{589}\right] = 0.556876$

$r = \frac{1}{2}\left[1 + \frac{y}{n}\right] = \frac{1}{2}\left[1 + \frac{181}{589}\right] = 0.653650$

Now b = 0.556876, r = b, the message M = x = 67,
So the Plaintext $P = (M - K_s) = (67 - 24) = 43$
(Elia, M. et al., 2013) implemented a solution of Rabin’s Cryptosystem using the Dedekind Sum. The implemented
techniques are described as follows.

Encrypted message:

$\{C, b_0, b_1\}$, where $C = m^2 \bmod N = 13^2 \bmod 77 = 15$, $N = p \cdot q = 7 \cdot 11 = 77$,
$b_0 = m \bmod 2 = 13 \bmod 2 = 1$, $b_1 = S(13, 77) \bmod 8$.

bi = 77+1-2 fyj mod 8 = 78 - 2 (y) (y) mod 8 = 78 - 2 (y) mod 8 

= 78-2 0) (-1) mod 8 = 78 - 2 (l)(l)mod 8 = (78 - 2) mod 8=4 

Decryption stage: 

The receiver computes $\lambda_1 = -3$ and $\lambda_2 = 2$ by the extended Euclidean algorithm, and the roots are as
follows.

$u_1 = C^{(p+1)/4} \bmod p = 15^{(7+1)/4} \bmod 7 = 1$

$u_2 = C^{(q+1)/4} \bmod q = 15^{(11+1)/4} \bmod 11 = 9$
Now calculate the four roots using the Chinese remainder theorem:

$X_1 = (p \cdot \lambda_1 \cdot u_2 + q \cdot \lambda_2 \cdot u_1) \bmod N = (7 \cdot (-3) \cdot 9 + 11 \cdot 2 \cdot 1) \bmod 77 = 64$
$X_2 = N - X_1 = 77 - 64 = 13$

$X_3 = (p \cdot \lambda_1 \cdot u_2 - q \cdot \lambda_2 \cdot u_1) \bmod N = (7 \cdot (-3) \cdot 9 - 11 \cdot 2 \cdot 1) \bmod 77 = 20$
$X_4 = N - X_3 = 77 - 20 = 57$

Choose the two roots specified by $b_0$, that is $(X_2, X_4)$; now apply the Dedekind sum: $D_2 = S(13, 77)$ for
$X_2$ and $D_4 = S(57, 77)$ for $X_4$.

Computation: 


X 2 =D 2 = 5(13,77) 

= 77+ 1-2 mod 8 
= 78 - 2 (y) Q£) mod 8 
= 78-2 mod 8 

= 78-2 g)(g (—1) mod 8 

= 78-2 (1) (-1) (—1) mod 8 
= (78 - 2) mod 8=4 


X 4 = D 4 = 5 (57, 77) 

= 77 + 1-2 mod 8 
= 78-2 (y ) (y) mod 8 

= 78-2 (})(^;) mod 8 
= 78-2 (1) (-1) mod 8 
= 80 mod 8=0 
The receiver accepts the original message by comparing the two Dedekind sums $D_2$ and $D_4$ with $b_1$. It can be
seen that $b_1 = D_2 = X_2$, which means that 13 is the right plaintext. This can be expressed using congruence law
as follows.

Step-1: $\frac{N}{p} V_1 \equiv 1 \bmod 7 \rightarrow 11 V_1 \equiv 1 \bmod 7 \rightarrow 2 V_1 \equiv 1 \bmod 7 \rightarrow V_1 = 2$
Step-2: $\frac{N}{q} V_2 \equiv 1 \bmod 11 \rightarrow 7 V_2 \equiv 1 \bmod 11 \rightarrow (-3) V_2 \equiv 1 \bmod 11 \rightarrow V_2 = 8$

The following root computation runs in deterministic polynomial time because the Blum prime formation is
considered in this example.


$a_1 = C^{(p+1)/4} \bmod p = 15^2 \bmod 7 = 1$, $a_3 = p - a_1 = 7 - 1 = 6$, inverse of $a_1$

$a_2 = C^{(q+1)/4} \bmod q = 15^3 \bmod 11 = 9$, $a_4 = q - a_2 = 11 - 9 = 2$, inverse of $a_2$

[+ +]   [- -]

According to the CRT, the four roots are calculated below.

Step-1: [+ +] $x \equiv 1 \bmod 7$ and $x \equiv 9 \bmod 11$

Step-2: [- +] $x \equiv 6 \bmod 7$ and $x \equiv 9 \bmod 11$

Step-3: [+ -] $x \equiv 1 \bmod 7$ and $x \equiv 2 \bmod 11$

$\left\{1 \cdot 2 \cdot \frac{77}{7} + 2 \cdot 8 \cdot \frac{77}{11}\right\} \bmod 77 = 134 \bmod 77 = 57$

Step-4: [- -] $x \equiv 6 \bmod 7$ and $x \equiv 2 \bmod 11$

Choose the two roots specified by $b_0$, that is $(X_3, X_4)$; now apply the Dedekind sum: $D_3 = S(X_3, 77)$ and
$D_4 = S(X_4, 77)$. The computation process is as follows:
$D_3 = S(57, 77)$

= 77 + 1-2 g( ) mod 8 

= 78 - 2 (?) (it) mod 8 

= 78-2 (5) (g) mod 8 

= 78-2 (1) (—1) mod 8 
= 80 mod 8 = 0 


D 4 = S (13,77) 

= 77 + 1 - 2 (55) mod 8 

= 78-2 (y)g))mod8 
= 78-2 g ) (50 mod 8 
= 78-2 g) g) (—1) mod 8 


= 78-2 (1) (-1) (—1) mod 8 
= (78 -2) mod 8 = 4 

The receiver accepts the original message by comparing the two Dedekind sums $(D_3, D_4)$ with $b_1$. It can be seen
that $b_1 = D_4 = X_4$, which means that 13 is the right plaintext. Alternatively, the receiver accepts the original
message by selecting the two roots $(X_3, X_4)$ among the four specified by the parity bit $b_0$ and computing the
following equations to select the right one:

$R_1 = \frac{1}{2}\left(1 + \frac{x_3}{77}\right) = \frac{1}{2}\left(1 + \frac{57}{77}\right) = 0.87013$

$R_2 = \frac{1}{2}\left(1 + \frac{x_4}{77}\right) = \frac{1}{2}\left(1 + \frac{13}{77}\right) = 0.58442$

$R_2$ is equivalent to $b_1$, so the root $X_4 = 13$ is the right plaintext revealed. They also show another
deterministic variant of the Rabin cryptosystem, which is as follows.


Public-key: 1st public key N, 2nd public key f, where $f = a^2 (\psi_1 - \psi_2)$ is an integer.

Encrypted message:

C for the 1st round, $(C_E, C_2)$ for the 2nd round, $C = m^2 \bmod N$, $C_1 = \frac{1}{2}\left(1 - \left(\frac{m}{N}\right)\right)$,

$C_2 = m \bmod 2$, $C_E = C \cdot (-1)^{C_1} \cdot f^{C_2} \bmod N$

Decryption stage:

The receiver computes the four square roots and chooses the two roots among the four with the parity specified by
$C_2$. After that, he discards the one of the two selected roots that is equivalent to $C_E$ and accepts the
remaining root as the original message.

A workout example: 

Round 1: In the initial round, Alice publicizes one public key and Bob generates an encryption key using Alice’s
public key and then sends it to Alice. Suppose Alice and Bob are communicating with each other by exchanging messages.
Alice chooses two random prime numbers p=7 and q=11 according to $p \equiv q \equiv 3 \bmod 4$ privately and
calculates the public key N = 7 · 11 = 77. Alice publicizes the 1st public key 77, keeping the secret key in her
pocket. Then Bob generates the initial encrypted message $C = 13^2 \bmod 77 = 15$ using the public key of Alice and
sends it to her.

Round 2: In this round, Alice publicizes the 2nd public key after receiving the first encrypted message from Bob. On
the other hand, Bob generates another encrypted message, which helps Alice to identify the actual message, using
Alice’s 2nd public key and then sends it to Alice. She computes another public key using the Euclidean algorithm and
Bob’s encrypted message 15 as follows:

First of all, the conditions $\lambda_1 \cdot p + \lambda_2 \cdot q = 1$ and GCD(p, q) = 1 must be true. These
$\lambda_1$, $\lambda_2$ are from Bezout’s identity. $\psi_1 = \lambda_2 \cdot q = 22$, $\psi_2 = \lambda_1 \cdot p = -21$.
Let the new public key be $f = 15^2 (\psi_1 - \psi_2) \bmod N = 15^2 (22 + 21) \bmod 77 = 50$ and declare 50 as the 2nd
public key. The following root computation runs in deterministic polynomial time because the Blum prime formation is
considered in this example.

$a_1 = (C_E)^{(p+1)/4} \pmod{p} = (15)^2 \pmod{7} = 1$

$a_2 = (C_E)^{(q+1)/4} \pmod{q} = (15)^3 \pmod{11} = 9$
She will compute the four roots using the CRT.

$Y_1 = (a_2 \psi_2 + a_1 \psi_1) \bmod N = (9 \cdot (-21) + 1 \cdot 22) \bmod 77 = 64$.

$Y_2 = N - Y_1 = 77 - 64 = 13$.

$Y_3 = (a_2 \psi_2 - a_1 \psi_1) \bmod N = (9 \cdot (-21) - 1 \cdot 22) \bmod 77 = 20$
$Y_4 = N - Y_3 = 77 - 20 = 57$

Bob re-encrypts the message using both public keys of Alice as follows.

$C_2 = 13 \bmod 2 = 1$, $C_E = C \cdot (-1)^{C_1} \cdot 50^{C_2} \bmod N = 15 \cdot (-1)^0 \cdot 50^1 \bmod 77 = 57$

Now Bob sends the 2nd encrypted message as a pair $(C_E, C_2)$ to Alice. Finally, Alice selects the two roots (13, 57)
specified by the parity bit $C_2$ among the four and rejects the one root (57) specified by $C_E$. So the remaining 13
is accepted as a valid message by the intended receiver.

(Hasim, 2014) proposed an updated methodology that uses three private keys instead of two. Consequently, eight
non-deterministic plaintexts are generated from one ciphertext, one of which is the real plaintext. The advantage of
this technique is that it confuses an attacker, while it is very annoying to the receiver, as extra effort is required
to distinguish the original plaintext out of the eight texts. The technique is named after its author. The description
of the technique is as follows.

Encryption of H-Rabin cryptosystem: 


https://doi.org/10.29322/ijsrp.29.12.2019 






Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

The key-generation process of the H-Rabin cryptosystem is as follows: Choose three large distinct
primes p, q and r. Although the scheme works with any primes, choose $p \equiv q \equiv r \equiv 3 \pmod{4}$ to
simplify the computation of square roots modulo p, q and r. Let N be the public key such that N = (p * q * r), where
the primes p, q and r are the private key. To encrypt a message only the public key N is needed; thus a ciphertext is
produced out of the original plaintext. To decrypt a ciphertext the factors p, q and r of N are needed. The
encryption process of the H-Rabin cryptosystem is as follows:

Let $P = \{0, 1, 2, \ldots, N - 1\}$ be the plaintext space (consisting of numbers)

Let $m \in P = \{0, 1, 2, \ldots, N - 1\}$ be the plaintext

Let C be the ciphertext, which can be computed by $C = e_k(m) = m^2 \pmod{N}$

Now the encoded message can be sent as C. Once the message reaches the destination, it must be decrypted.

Decryption of H-Rabin cryptosystem: 


To decode the cipher text, the private keys are necessary. For that reason, use the decryption function
$d_k(c) = \sqrt{c} \pmod{N}$. Since the encryption function $e_k$ is not an injection function, the decryption is not
ambiguous. There exist eight square roots of c mod N ($c = m^2 \bmod N$), so there are eight possible messages. The
decryption tries to determine m such that $C = m^2 \pmod{N}$, which is equivalent to solving the three congruences:

$Z^2 \equiv c \pmod{p}$,
$Z^2 \equiv c \pmod{q}$,
$Z^2 \equiv c \pmod{r}$

$m_p = C^{(p+1)/4} \pmod{p}$

$m_q = C^{(q+1)/4} \pmod{q}$

$m_r = C^{(r+1)/4} \pmod{r}$

Finally, the eight square roots of c mod n can be computed by applying the Chinese remainder theorem to the system of
congruences: $+m_p \pmod{p}$, $-m_p \pmod{p}$, $+m_q \pmod{q}$, $-m_q \pmod{q}$, $+m_r \pmod{r}$, $-m_r \pmod{r}$


A worked example:

Let $N = 1463 = p \cdot q \cdot r = 7 \cdot 11 \cdot 19$ and m = 41. First, the message m must be encrypted using the
encryption function: $C = e_k(m) = m^2 \pmod N = 41^2 \bmod 1463 = 218$

The encrypted message C = 218 is sent to the receiver. The receiver must decrypt the message C and has to find the
eight square roots of 218 modulo 7, modulo 11 and modulo 19. The following root computation, which runs in
deterministic polynomial time because the primes are Blum primes, is used in this example.

$m_p = C^{(p+1)/4} \bmod p = 218^{(7+1)/4} \bmod 7 = 1$

$m_q = C^{(q+1)/4} \bmod q = 218^{(11+1)/4} \bmod 11 = 3$

$m_r = C^{(r+1)/4} \bmod r = 218^{(19+1)/4} \bmod 19 = 16$

The system of congruences $x \equiv m_i$ is as follows:

$+m_p \pmod p = 1 \pmod 7$
$-m_p \pmod p = 6 \pmod 7$
$+m_q \pmod q = 3 \pmod{11}$
$-m_q \pmod q = 8 \pmod{11}$
$+m_r \pmod r = 16 \pmod{19}$
$-m_r \pmod r = 3 \pmod{19}$


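Finally, we can apply the Chinese remainder theorem to compute the eight roots. First of all, we compute $b_1$, $b_2$ and
$b_3$ such that:

Computation:
$\frac{N}{p} b_1 \equiv 1 \pmod 7 \rightarrow 209\, b_1 \equiv 1 \pmod 7 \rightarrow 6\, b_1 \equiv 1 \pmod 7 \rightarrow b_1 = 6$

Computation:
$\frac{N}{q} b_2 \equiv 1 \pmod{11} \rightarrow 133\, b_2 \equiv 1 \pmod{11} \rightarrow 6\, b_2 \equiv 1 \pmod{11} \rightarrow b_2 = 1$

Computation:
$\frac{N}{r} b_3 \equiv 1 \pmod{19} \rightarrow 77\, b_3 \equiv 1 \pmod{19} \rightarrow 6\, b_3 \equiv 1 \pmod{19} \rightarrow b_3 = 1$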


Now according to CRT, four roots can be computed as follows.

Step-1: $x \equiv 1 \pmod 7$, $x \equiv 3 \pmod{11}$ and $x \equiv 16 \pmod{19}$:
$x_1 = \left(a_1 b_1 \frac{N}{p} + a_2 b_2 \frac{N}{q} + a_3 b_3 \frac{N}{r}\right) \bmod N$
$x_1 = \{(1)(6)(11 \cdot 19) + (3)(1)(7 \cdot 19) + (16)(1)(7 \cdot 11)\} \bmod 1463$
$x_1 = 2885 \bmod 1463 = 1422$

Step-2: $x \equiv 6 \pmod 7$, $x \equiv 3 \pmod{11}$ and $x \equiv 16 \pmod{19}$:
$x_2 = \left(a_1 b_1 \frac{N}{p} + a_2 b_2 \frac{N}{q} + a_3 b_3 \frac{N}{r}\right) \bmod N$
$x_2 = \{(6)(6)(11 \cdot 19) + (3)(1)(7 \cdot 19) + (16)(1)(7 \cdot 11)\} \bmod 1463$
$x_2 = 9155 \bmod 1463 = 377$

Step-3: $x \equiv 1 \pmod 7$, $x \equiv 8 \pmod{11}$ and $x \equiv 16 \pmod{19}$:
$x_3 = \left(a_1 b_1 \frac{N}{p} + a_2 b_2 \frac{N}{q} + a_3 b_3 \frac{N}{r}\right) \bmod N$
$x_3 = \{(1)(6)(11 \cdot 19) + (8)(1)(7 \cdot 19) + (16)(1)(7 \cdot 11)\} \bmod 1463$
$x_3 = 3550 \bmod 1463 = 624$

Step-4: $x \equiv 1 \pmod 7$, $x \equiv 3 \pmod{11}$ and $x \equiv 3 \pmod{19}$:
$x_4 = \left(a_1 b_1 \frac{N}{p} + a_2 b_2 \frac{N}{q} + a_3 b_3 \frac{N}{r}\right) \bmod N$
$x_4 = \{(1)(6)(11 \cdot 19) + (3)(1)(7 \cdot 19) + (3)(1)(7 \cdot 11)\} \bmod 1463$
$x_4 = 1884 \bmod 1463 = 421$

Now, we can take the advantage of symmetry to get the other results: 

Step-5: $x_5 = 1463 - 1422 = 41$.

Step-6: $x_6 = 1463 - 377 = 1086$.

Step-7: $x_7 = 1463 - 624 = 839$.

Step-8: $x_8 = 1463 - 421 = 1042$.


Finally, the original message must be one of the following: 1422, 377, 624, 421, 41, 1086, 839 and 1042. The
drawback of the Deterministic Rabin Cryptosystem is that it is applicable for an odd-length message. In the case of
an even-length message, it cannot identify the original plaintext, as a replicated bit or repeated pattern cannot be
noticed in any of the four options.

(Chakraborty, et.al., 2014) designed a hybrid Rabin Cryptosystem, adding message authentication logic from the
Needham-Schroeder protocol (Roger, et.al., 1978, Waite, et.al., 1987). The Hybrid Rabin Cryptosystem was designed
using a combination of symmetric and asymmetric keys, which is why it was called hybrid. The technique can be
described as follows.

Round 1: The sender A uses the receiver B's public key to encrypt a message to the receiver containing an
identifier of A ($ID_A$) and a nonce $N_1$, which is used to identify this transaction uniquely. B sends a message
to A encrypted with $PU_A$, containing A's nonce as well as a new nonce $N_2$ generated by B. A returns $N_2$
using B's public key. A selects a secret key $K_s$ and sends $M = E(PU_B, E(PR_A, K_s))$ to B. B computes
$D(PU_A, D(PR_B, M))$ to recover the secret key.

Round 2: N is the public key, which is the product of p and q, where p and q are both private keys
and both p and q are congruent to 3 mod 4. A prepares the message M by adding his shared secret key to the
plaintext and then applying the encryption function $C = M^2 \bmod N$. A further calculates two more values
a and b such that $a = M \bmod 2$ and $b = \frac{1}{2}\left(1 + \frac{M}{N}\right)$. For decryption B has to use the
Chinese Remainder Theorem to get the four square roots. At first B has to calculate $M_p$ and $M_q$ such that
$M_p = C^{(p+1)/4} \bmod p$ and $M_q = C^{(q+1)/4} \bmod q$. Then B has to compute $+M_p \bmod p$, $-M_p \bmod p$,
$+M_q \bmod q$ and $-M_q \bmod q$. These are the 4 square roots. Then take the two roots having the same parity
specified by a, say x and y. Compute the numbers $\frac{1}{2}\left(1 + \frac{x}{N}\right)$ and
$\frac{1}{2}\left(1 + \frac{y}{N}\right)$. Then take the root corresponding to the number equal to the value of b.
Thus the message M is retrieved. Now B has to subtract the shared secret key from M to retrieve the plaintext.

A worked example: The Modified Rabin Cryptosystem sharing the secret key is as follows. Let the
ID of A = 1001 and the ID of B = 1002. A sends its ID and nonce $N_1 = 311$ encrypted with the public key of
B, i.e. $E(PU_B, (1001 \| 311))$, to B. B sends the nonces $N_1$ and $N_2 = 653$ encrypted with the public key of A,
i.e. $E(PU_A, (311 \| 653))$, to A. A sends the nonce $N_2$ encrypted with the public key of B, i.e.
$E(PU_B, 653)$, to B. A then encrypts the secret key $K_s$ to be shared with his own private key, encrypts it again
with the public key of B and sends $X = E(PU_B, E(PR_A, K_s))$ to B. B computes $D(PU_A, D(PR_B, X))$ to
recover the secret key.

Encryption: 

Let A want to send the plaintext $P_t = 43$ with the secret key $K_s = 24$.
Then the message $M = (P_t + K_s) = (43 + 24) = 67$.

Let the public key n = 589

Then the cipher text $C = E(67, 589) = 67^2 \bmod 589 = 366$.
$a = M \bmod 2 = 67 \bmod 2 = 1$, $b = \frac{1}{2}\left(1 + \frac{M}{n}\right) = \frac{1}{2}\left(1 + \frac{67}{589}\right) = 0.556876$

A sends the triple (366, 1, 0.556876) to B

Decryption: 

Let the private keys be p = 19 and q = 31, with public key N = 589. The following root computation, which runs in
deterministic polynomial time because the primes are Blum primes, is used in this example. B's computation
process is as follows.

Values of $u_1$:
$M_p = C^{(p+1)/4} \bmod p = 366^5 \bmod 19 = 9$
$-M_p \bmod p = 19 - 9 = 10 \bmod 19 = 10$

Values of $u_2$:
$M_q = C^{(q+1)/4} \bmod q = 366^8 \bmod 31 = 5$
$-M_q \bmod q = 31 - 5 = 26 \bmod 31 = 26$

$v_1$: $\frac{n}{p} \cdot v_1 \equiv 1 \bmod p \rightarrow 31 \cdot v_1 \equiv 1 \bmod 19 \rightarrow v_1 = 8$

$v_2$: $\frac{n}{q} \cdot v_2 \equiv 1 \bmod q \rightarrow 19 \cdot v_2 \equiv 1 \bmod 31 \rightarrow v_2 = 18$

Finally, the Chinese remainder theorem is applied to compute the four square roots; the system of congruences,
combined through the terms $x = u_i \cdot v_i \cdot \frac{n}{n_i}$, is as follows:

Step-1: $x \equiv 9 \bmod 19$ and $x \equiv 5 \bmod 31$:

$x_1 = \left\{u_1 \cdot v_1 \cdot \frac{n}{p} + u_2 \cdot v_2 \cdot \frac{n}{q}\right\} \bmod N$
= {9 * 8 * 31 + 5 * 18 * 19} mod 589
= 3942 mod 589
= 408

Step-2: $x \equiv 10 \bmod 19$ and $x \equiv 5 \bmod 31$:

$x_2 = \left\{u_1 \cdot v_1 \cdot \frac{n}{p} + u_2 \cdot v_2 \cdot \frac{n}{q}\right\} \bmod N$
= {10 * 8 * 31 + 5 * 18 * 19} mod 589
= 4190 mod 589
= 67

Step-3: $x \equiv 9 \bmod 19$ and $x \equiv 26 \bmod 31$:

$x_3 = \left\{u_1 \cdot v_1 \cdot \frac{n}{p} + u_2 \cdot v_2 \cdot \frac{n}{q}\right\} \bmod N$
= {9 * 8 * 31 + 26 * 18 * 31} mod 589
= 11124 mod 589
= 522

Step-4: $x \equiv 10 \bmod 19$ and $x \equiv 26 \bmod 31$:

$x_4 = \left\{u_1 \cdot v_1 \cdot \frac{n}{p} + u_2 \cdot v_2 \cdot \frac{n}{q}\right\} \bmod N$
= {10 * 8 * 31 + 26 * 18 * 19} mod 589
= 11372 mod 589
= 181
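The root computations worked through above (eight roots for N = 1463, four roots for N = 589) and the selection by a and b that Round 2 describes, as an added example that is not code from the cited papers. The function names are assumptions of this example; b is computed as the plain fraction used in the worked example, rounded to six decimals, and the last helper shows that such a b already fixes M.

```python
from itertools import product
from math import prod


def blum_roots(c, primes):
    """All square roots of c modulo N, N a product of distinct primes p = 3 (mod 4).

    For each prime, r = c^((p+1)/4) mod p is a square root of c (this shortcut
    needs p = 3 mod 4 and c a quadratic residue mod p). The +r / -r choices are
    combined with the Chinese remainder theorem: 2^k roots for k primes.
    """
    n = prod(primes)
    terms = []
    for p in primes:
        if p % 4 != 3:
            raise ValueError(f"{p} is not congruent to 3 mod 4")
        r = pow(c, (p + 1) // 4, p)
        if (r * r - c) % p:
            raise ValueError(f"{c} is not a quadratic residue mod {p}")
        cofactor = n // p              # N/p
        b = pow(cofactor, -1, p)       # (N/p) * b = 1 (mod p)
        terms.append(r * b * cofactor)
    roots = {
        sum(sign * term for sign, term in zip(signs, terms)) % n
        for signs in product((1, -1), repeat=len(terms))
    }
    return sorted(roots)


def hybrid_encrypt(plaintext, k_s, n):
    """Round 2, sender side: returns the triple (C, a, b)."""
    m = plaintext + k_s
    if not 0 < m < n:
        raise ValueError("P_t + K_s must lie in 1..N-1")
    a = m % 2
    b = round(0.5 * (1 + m / n), 6)    # plain fraction, as in the worked example
    return pow(m, 2, n), a, b


def hybrid_decrypt(triple, k_s, p, q):
    """Round 2, receiver side: pick the root matching a (parity) and b."""
    c, a, b = triple
    n = p * q
    same_parity = [x for x in blum_roots(c, (p, q)) if x % 2 == a]
    matches = [x for x in same_parity if abs(0.5 * (1 + x / n) - b) < 5e-7]
    if len(matches) != 1:
        raise ValueError("(a, b) does not select exactly one root")
    return matches[0] - k_s


def message_implied_by_b(b, n):
    """With b a plain fraction, b alone fixes M: M = (2b - 1) * N."""
    return round((2 * b - 1) * n)


if __name__ == "__main__":
    # Values taken from the two worked examples above.
    print(blum_roots(218, (7, 11, 19)))
    triple = hybrid_encrypt(43, 24, 589)
    print(triple, hybrid_decrypt(triple, 24, 19, 31))
    print(message_implied_by_b(triple[2], 589))
```

Because the transmitted b determines M without any key, anyone who observes the triple can recover M when b is sent in this form.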


Finally, the original message must be among 408, 67, 522 or 181. As a = 1, we take the two roots specified by a,
which are x = 67 and y = 181. Now $r = \frac{1}{2}\left(1 + \frac{x}{n}\right) = \frac{1}{2}\left(1 + \frac{67}{589}\right) = 0.556876$ and
$s = \frac{1}{2}\left(1 + \frac{y}{n}\right) = \frac{1}{2}\left(1 + \frac{181}{589}\right) = 0.653650$. Now b = 0.556876; as r = b, the message
M = x = 67, so the plaintext $P = (M - K_s) = (67 - 24) = 43$.

(Sattar, et.al, 2015) showed an extended application of the Michael O. Rabin cryptosystem from cryptography to
steganography. The Michael O. Rabin cryptosystem produces four decryption results, of which one is correct and the
other three are pseudo results. In the steganography application, the authors took advantage of the illusion
messages generated by Rabin's cryptosystem, although in cryptographic applications those three false results are
considered a weak point of the Rabin Cryptosystem owing to size problems. The authors of this article turned the
Rabin Cryptosystem's disadvantage into an advantage in steganography, using it not only for constructing the hiding
map but also for the authentication mechanism which guides the hiding process. The authors converted the secret
message into ASCII values and used them in the Rabin encryption algorithm, which gives the encrypted message that
is the input to the decryption algorithm. The procedure produces four messages. One of them is the secret message
and the rest are illusion messages with different lengths, which construct the map as below:

The pseudo code for determining the map:

t = 0, While ($m_t$ <> c) do, Hiding map = $m_t$, End.

Preparation of the color cover image for hiding c is shown as follows.

Hiding Algorithm:

Input: Cipher message (Text)

Cover Image (Image)

Map (binary format)

Output: Stego-object

The entire process follows some important steps.

• Read the secret message.

• Convert the secret to binary format.

• Read the cover color image and get the three bands (Red, Green, Blue).

• Convert all bands of RGB to binary format.

• Get based on Map (output of decryption)

• For each byte band do the following steps.

• Prepare a target address through the following equation.

o Target Address (T) = $(1 \cdot K_1 + 2 \cdot K_2 + 4 \cdot K_3) \bmod 3$

o Replace the target address bit with the secret message bit.

• Go to step 6 until all of the secret is hidden.

• At the end gather all the bands to form the stego-object.


[Figure: block diagram. Sender side: secret message, Rabin (encryption and decryption) algorithm, map, cipher code, hiding algorithm, cover image. Receiver side: extracting algorithm, cipher code, Rabin decryption algorithm, map comparison (yes: authenticated message; otherwise: unauthenticated message), secret message.]

Figure 2.4: The block diagram of the stegoobject 

It shows a good result for guiding the hiding mechanism and the authentication mechanism. Both the map and the
stego-object are transmitted through the channel from sender to receiver, as shown in figure 8. When the receiver
gets both of them, it extracts the ciphertext and decrypts it to get four messages $\{m_1, m_2, m_3, m_4\}$; one of
them is the secret message and the rest are for constructing a map that works as a guide for the hiding mechanism.
If the extracted map matches the received one, the message is authenticated; otherwise it is rejected. This is easy
to filter because the map is available.

(Kaminaga, et.al. 2016) discussed a fault attack technique on the modular exponentiation of Rabin's encryption, where
a complicated situation arises in message reconstruction when the message and the public key are not relatively
prime. They also provided a rigorous algorithm to handle message reconstruction. They provided the fundamental idea
of two attacks that crash the modulus in modular squaring for the Rabin Cryptosystem. The attacks are performed
when the public key moves from nonvolatile memory to a register byte by byte. Their assumption is that the attacker
can inject a one-byte fault into this moving process. The simulation results show only a 14.4% success rate for the
transient attack and a 54% success rate for the injection attack for small primes, which is actually negligible
because real-life prime numbers are so big. Their attack models are as follows.

Transient fault attack: 

Let Z(a, b) be the set of integers in the interval (a, b). Assume that the attacker can inject a transient fault that
modifies the public key N by one byte, that is, the injected fault affects only one byte of the public key by
modifying it randomly as follows: $\hat{N} = N \oplus e$, where $\oplus$ is bitwise exclusive OR and
e = R_t * ∈ Z(1, $2^8 - 1$) for i ≠ 0, which is required to preserve the parity of N. Suppose the attacker knows the
position i, but the correct value of the faulty public key $\hat{N}$ is unknown to the attacker. The attacker must
factor 255 (= $2^8 - 1$) candidates of $\hat{N}$. The attack also works for a fault that affects several bytes of N.
However, the attacker's task grows in proportion to the number of candidates $\hat{N}$ of the perturbed N. This is a
natural assumption for both WIPR and RAMON. In the WIPR case, the attack target is the time at which the i-th byte
N[i] of N moves from non-volatile memory to the register for multiplication before multiplying r and N.

Instruction skipping attack: 

The second fault model is based on the instruction skip technique. Instruction skip is equivalent to replacing an
instruction with a no-operation in assembly language. Instruction skip does not affect the registers, internal
memory, and calculation process. It is possible to reconstruct an entire secret exponent with 63 (= $2^6 - 1$) for an
implementation with the $2^6$-ary method, using the instruction skipping technique in the pre-computation phase.
Their attack target is a conditional branch operation for moving the last byte of N at the counter i = 127. If the
conditional branch operation is skipped, the attacker obtains the faulted public key $\hat{N}$ as follows:


126 



Equ{ 18) 


i=o 


where each $N[i] \in Z(0, 255)$. Clearly, $\hat{N}$ is one byte shorter than the original N, and preserves its parity.
In this case, $\hat{N}$ is uniquely determined. Therefore, from the computational point of view, the attack in this
case is easier than the attack in the 'crash a byte of N' case. The notion of the first attack model was actually
derived from (Berzati, et.al., 2008, Berzati, et.al., 2009).


(Chandrakar, et.al. 2017) developed a secure two-factor remote authentication scheme using the Rabin
Cryptosystem, claiming it to be secure against the man-in-the-middle attack, replay attack, and active and passive
attacks using BAN logic. They simulated the technique using the AVISPA tool. This authentication scheme reduces the
various cost overheads and the time complexity. It includes 5 phases, as follows.

Step-1: System Setup Phase 

The server S selects two large primes p, q, where $p, q \equiv 3 \bmod 4$. The server S evaluates $n = p \times q$ and
declares n as public key and (p, q) as private key.

Step-2: Registration Phase

Every new user needs to register with the server S to get the services/applications by executing the
following steps:

■ User $U_i$ chooses a random number R, identity $ID_i$ and password $PW_i$. He then computes
$RPW_i = h(ID_i \| R \| PW_i)$ and submits $\{RPW_i, ID_i\}$ to the server S through a reliable channel.

■ Upon obtaining the message from $U_i$, S generates a random nonce $N_i$ and evaluates
$MK = h(ID_i \| p \| q)$, $A_i = MK \oplus h(RPW_i \| ID_i)$, $CID_i = E_{h(p \| q)}(ID_i \| N_i)$ and $B_i = h(RPW_i \| MK)$.
The server S stores the values $\{A_i, B_i, CID_i, n, h(\cdot)\}$ into a smart card and transmits it to user $U_i$
through a reliable channel.

■ After getting the smart card from the server, $U_i$ calculates $RN = h(ID_i \| PW_i) \oplus R$ and stores RN in
the smart card.

Step-3: Login Phase 

Whenever user $U_i$ wants to access the services of the remote server, he needs to log into the system by executing
the following steps:

■ $U_i$ inserts the smart card into a terminal and inputs $PW_i$ and $ID_i$. The smart card evaluates
$R' = h(ID_i \| PW_i) \oplus RN$, $RPW_i' = h(ID_i \| R' \| PW_i)$, $MK' = A_i \oplus h(RPW_i \| ID_i)$ and
$B_i' = h(RPW_i' \| MK')$ and compares if $B_i = B_i'$. If it is false, the smart card aborts the session; otherwise,
it executes the next step.

■ The smart card creates a random nonce $R_c$ and evaluates $M_i = (R_c \| RPW_i \| ID_i)^2 \bmod n$,
$J_i = h(R_c \| RPW_i \| ID_i)$, $L_i = J_i \oplus h(R_c \| ID_i)$ and $K_i = h(MK) \oplus R_c$. User $U_i$ sends the
message $(M_i, L_i, K_i, CID_i)$ to the server over an insecure channel.

Step-3.1: Authentication and Key agreement phase 

■ After getting the message $\{M_i, L_i, K_i, CID_i\}$ from $U_i$, the server decrypts $CID_i$, i.e.
$(ID_i \| N_i) = D_{h(p \| q)}(CID_i)$, and checks the legitimacy of $ID_i$. If $ID_i$ is not valid, server S aborts the
session; else it calculates $MK = h(ID_i \| p \| q)$, $R_c' = h(MK) \oplus K_i$ and $J_i' = L_i \oplus h(R_c \| ID_i)$.

■ The server decrypts the message $M_i$ with the help of the private key (p, q) and obtains four root values
$\{P_1, P_2, P_3, P_4\}$. S checks if $J_i' = h(P_k)$, where k = 1 to 4. If it is false, S aborts the session; else, the
server believes $U_i$ is legal and performs the next step.

■ The server produces a random nonce $R_s$ and calculates $T_i = h(R_s \| MK)$,
$CID_i^{n} = E_{h(p \| q)}(ID_i \| R_s)$ and $R_{sc} = R_s \oplus R_c$. The server transmits $\{R_{sc}, T_i, CID_i^{n}\}$ to
user $U_i$ over an untrustworthy channel.

■ Upon obtaining the reply message $\{R_{sc}, T_i, CID_i^{n}\}$ from S, the smart card calculates
$R_s' = R_{sc} \oplus R_c$, $T_i' = h(R_s' \| MK)$ and checks if $T_i' = T_i$. If it holds, the user $U_i$ trusts the
server as a legitimate one. The user calculates the session key $SK = h(R_s \| R_c \| MK \| ID_i)$ and
$Z_i = h(SK \| ID_i)$. The user transmits $Z_i$ to S and replaces $CID_i$ with $CID_i^{n}$ in the smart card.

■ After receiving $Z_i$ from $U_i$, the server computes $SK = h(R_s \| R_c \| MK \| ID_i)$, $Z_i' = h(SK \| ID_i)$ and
checks if $Z_i = Z_i'$. If it is true, both parties can communicate using this session key SK.

Step-4: Password Change Phase 

■ The smart card reader checks the legitimacy of user $U_i$ by performing Step 1 of the login phase.

■ The user inputs a new password $PW_i^{new}$ and calculates $RPW_i^{new} = h(ID_i \| R' \| PW_i^{new})$,
$A_i^{new} = A_i \oplus h(RPW_i \| ID_i) \oplus h(RPW_i^{new} \| ID_i)$,
$B_i^{new} = h(RPW_i^{new} \| A_i \oplus h(RPW_i \| ID_i))$ and
$RN^{new} = RN \oplus h(ID_i \| PW_i) \oplus h(ID_i \| PW_i^{new})$.

■ The smart card reader stores the new values $\{A_i^{new}, B_i^{new}, RN^{new}\}$ in place of the old values
$\{A_i, B_i, RN\}$ in the smart card. The password update phase is successfully completed.


(Dong, et.al. 2017) modified Rabin's cryptosystem using a cubic residue technique, which successfully removed the
long-standing inconsistency, the so-called four-to-one function, in Rabin's cryptosystem. But it was insecure
against chosen cipher text attack, as the authors pointed out. Interestingly, the novel method of computing a cubic
root from a cubic residue prevented the private key from being revealed. It is a modification of the Rabin
Cryptosystem based on cubic residues.

Definition 1: If there exists an integer x such that $x^3 \equiv a \bmod N$, where $a \in Z$ and $(a, N) = 1$, a
is called a cubic residue modulo N.

Lemma 1: Suppose that p is a prime and $3 \mid (p - 1)$; then a is a cubic residue modulo p iff
$a^{(p-1)/3} \equiv 1 \pmod p$.

Lemma 2: Let $p \equiv 2 \pmod 3$ and $q \equiv 4 \pmod 9$ or $7 \pmod 9$ be primes, $N = p \cdot q$. Then a is a cubic
residue modulo $N = p \cdot q$ if and only if a is a cubic residue modulo q. When constructing a quadratic residue y
modulo $N = p \cdot q$, y should be a quadratic residue both modulo p and modulo q. However, by Lemma 2, choosing proper
p and q makes it easier to construct a cubic residue modulo $N = p \cdot q$ than to construct a quadratic residue
modulo $N = p \cdot q$.

Theorem 1: Let $p \equiv 2 \pmod 3$ and $q \equiv 4 \pmod 9$ or $7 \pmod 9$ be primes, $N = p \cdot q$ and $\delta$ a cubic
residue modulo N. Then $\delta^{3d} \equiv \delta \pmod N$, where $d = \frac{2(p-1)(q-1)+3}{9}$ if $q \equiv 4 \pmod 9$ and
$d = \frac{(p-1)(q-1)+3}{9}$ if $q \equiv 7 \pmod 9$. A $3^i$-th root of $\delta$ could be efficiently computed as
$\delta^{d^i} \pmod N$.

Algorithm for Key Setup: 

Alice performs the following steps in order to get her private key and public key: 

■ Choose two random prime numbers p and q such that $p \equiv 2 \pmod 3$ and $q \equiv 4 \pmod 9$ or $7 \pmod 9$ and
$p \neq q$;

■ Compute $N = p \cdot q$;

■ Publicize N as her public key, and keep (p, q) as her private key.

Algorithm for Encryption:

The sender Bob computes the ciphertext $c = m^3 \pmod N$ in order to send a confidential message m to Alice.

Algorithm for Decryption:

Alice computes $c^d \pmod N$ in order to decrypt the ciphertext c, where $d = \frac{2(p-1)(q-1)+3}{9}$ if
$q \equiv 4 \pmod 9$ and $d = \frac{(p-1)(q-1)+3}{9}$ if $q \equiv 7 \pmod 9$. In fact, $c^d \equiv m^{3d} \equiv m \pmod N$ by
Theorem 1.

A worked example: Alice chooses prime numbers p = 41 and q = 31, then computes $N = p \cdot q = 1271$, which
is her public key, and (p, q) = (41, 31) is her private key. Suppose that Bob sends a confidential message m =
1000 to Alice. He computes the ciphertext $c = 1000^3 \pmod{1271} = 78$. After receiving the ciphertext c = 78,
Alice computes $d = \frac{2(p-1)(q-1)+3}{9} = 267$, $c^d = 78^{267} = 78^{40 \cdot 6 + 27} \equiv 16 \pmod{41}$, and
$78^{267} \equiv 8 \pmod{31}$. Then she uses the CRT to get the plaintext, that is
$m = 16 \cdot 4 \cdot 31 - 8 \cdot 3 \cdot 41 = 1000$, since $1 = 4 \cdot 31 - 3 \cdot 41$.
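The key setup, encryption and decryption above as an added example (not Dong et al.'s code; the function names are assumptions). It reproduces the worked example and also checks what $c^d$ returns when m is not a cubic residue, the case Theorem 1 does not cover.

```python
from math import gcd


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def private_exponent(p, q):
    """d from Theorem 1, after checking the key-setup conditions."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    if p % 3 != 2 or q % 9 not in (4, 7):
        raise ValueError("need p = 2 (mod 3) and q = 4 or 7 (mod 9)")
    factor = 2 if q % 9 == 4 else 1
    numerator = factor * (p - 1) * (q - 1) + 3
    assert numerator % 9 == 0          # always holds under the conditions above
    return numerator // 9


def is_cubic_residue(a, p, q):
    """Lemma 2 reduces the test to q; Lemma 1 gives the test modulo q."""
    return gcd(a, p * q) == 1 and pow(a, (q - 1) // 3, q) == 1


def encrypt(m, n):
    return pow(m, 3, n)


def decrypt(c, p, q):
    return pow(c, private_exponent(p, q), p * q)


def round_trip_count(p, q):
    """How many units m modulo N satisfy decrypt(encrypt(m)) == m."""
    n = p * q
    return sum(1 for m in range(1, n)
               if gcd(m, n) == 1 and decrypt(encrypt(m, n), p, q) == m)


if __name__ == "__main__":
    p, q = 41, 31                      # worked example above
    n = p * q
    c = encrypt(1000, n)
    print(private_exponent(p, q), c, decrypt(c, p, q))
    # 3 is not a cubic residue modulo 31: decryption yields a different
    # cube root of the same ciphertext.
    other = decrypt(encrypt(3, n), p, q)
    print(is_cubic_residue(3, p, q), other, pow(other, 3, n))
    print(round_trip_count(p, q), "of", (p - 1) * (q - 1), "units round-trip")
```

Only messages that are cubic residues modulo N decrypt to themselves, which for this key is one third of the units.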

(Awad, et.al. 2018) proposed a deterministic method, based on the domain of Gaussian integers, to select the right
plaintext among the four decryption results. The recipient can decide the particular plaintext from the four
possible decryption results by selecting the obtained square root with redundancies in its imaginary part (a + bi).
This is the main benefit of using the Gaussian integer technique. The disadvantage, on the other hand, is that the
same ciphertext can be generated from different plaintexts because of modular reduction arithmetic. For example,
for the four plaintexts m = {13, 20, 57, 64}, the same ciphertext is c = 15.

The following algorithm is for computing the Gaussian square roots of the Gaussian quadratic residues modulo p.

Algorithm for computing the square roots modulo Gaussian Primes:

There are two possible forms for the message $m \in A(N)$. The first form is $m = a + bi$ where $a, b \in Z$ with
$b \neq 0$, while the second form is m = a where $a \in Z$, which is similar to that in the domain of natural integers.
In this modification, the first case was considered, when $m = a + bi$ with $b \neq 0$. Finding the Gaussian square
roots of the Gaussian quadratic residues $c = x + yi$ in A(p) is not an easy problem, although it could be solved by
generalizing the algorithms used to find square roots from $Z_N$ to Z[i]. The following algorithm computes the
Gaussian square roots of the Gaussian quadratic residues modulo p.

Step-1: $\left(\frac{c}{p}\right) = -1$ if c is not a quadratic residue modulo p.

Step-2: Compute the inverse $c^{-1} \pmod p$ by the extended Euclidean algorithm in Z[i].

Step-3: Write $\varphi(p) = 2^s t$ where t is an odd integer.

Step-4: Select a quadratic non-residue integer $b = x_1 + y_1 i$ modulo p such that $b \in R(p)$.

Step-5: Set $x = b^t \pmod p$ and $r = c^{(t+1)/2} \pmod p$.

Step-6: For i = 1, ..., s - 1

■ Compute $\delta = (r^2 \cdot c^{-1})^{2^{s-i-1}} \pmod p$.

■ If $\delta \equiv -1 \pmod p$ then set $r = r \cdot x \pmod p$, and $x = x^2 \pmod p$.

■ If $\delta \equiv 1 \pmod p$, then repeat with a new value of i.

Step-7: Return (r, -r) as the two square roots of c modulo p.

Public and private keys generation algorithm: 

■ Generate two large random and distinct Gaussian primes p and q, each roughly the same size and of the
form 4k + 3.

■ Compute $N = p \cdot q$.

■ The public key is N and A's private key is (p, q).

Messages Encryption Algorithm:

■ Obtain A's authentic public key N, and choose the plaintext message as a Gaussian integer $m \in A(N)$.

■ Compute the ciphertext $c = m^2 \pmod N$, and send it to entity A.

Ciphertext Decryption Algorithm:

■ Use the Chinese Remainder Theorem to find the four square roots $m_1$, $m_2$, $m_3$, and $m_4$ of c modulo N.

■ Entity A decides which of these is the original message m by selecting the obtained square root with
redundancies in its imaginary part.

A worked example: Let p = 1051 and q = 1031 be two randomly chosen Gaussian integers of the form
4k + 3; then N = 1083581. The public key is 1083581 and A's private key is the integer pair (1051, 1031). The
number of different choices for the message m is equal to the order of the complete residue system modulo N, which
is |A(N)| = 1174147783561. Let m = 101011 + 111111i; then the ciphertext is $c = m^2 = 891018 + 486027i \pmod{1083581}$.
To decrypt the cipher message, entity A should use the private keys p and q with the above algorithm, and the
Chinese Remainder Theorem over Z[i], to find the four square roots:

$m_1 = 101011 + 111111i$, $m_2 = 428923 + 461094i$, $m_3 = 654658 + 622487i$, and $m_4 = 982570 + 972470i$

Entity A knows that the original message is $m_1$ by checking the redundancy of the imaginary part of the obtained
four square roots, where the only one of them whose imaginary part contains a redundancy is $m_1$.

(Bhatt, et.al. 2018) extended a deterministic technique by adding duplicated bits at the beginning of the plaintext
before encryption. The added replicated bits are reflected within one decrypted text among the four possible
plaintexts. The annoying thing is the other three false results, which add to time complexity and memory complexity.

Key Generating Algorithm: 

Input: Let f be the f-bit size of the secret parameter.

Output: The private key $p_1$, $p_2$ and the public key N.

■ First select two random prime numbers $p_1$ and $p_2$ such that $2^f < p_1, p_2 < 2^{f+1}$ and $p_1, p_2$ are of the
form 4k + 3, where k is any positive integer.

■ Calculate $N = p_1 \times p_2$

■ Calculate two integers $a_1, a_2$ such that $a_1 \times p_1 + a_2 \times p_2 = 1$

■ Return the private key $(p_1, p_2)$ and the public key N.

Deterministic Rabin Encryption Algorithm:

Input: Public key: N, Plaintext: $m_1$

Output: Ciphertext $c_1$

■ Select integer $0 < m_1 < N$ such that $GCD(m_1, N) = 1$

■ Convert the message $m_1$ into binary form and pad the digit with the LSB

■ Compute $c_1 = (m_1)^2 \bmod N$

■ Return the ciphertext $c_1$.

For the decryption of the ciphertext, the Deterministic Rabin cryptosystem is used. The input of this algorithm is
the ciphertext and the key pair, and the output is the original plaintext. Decryption takes more time than
encryption because the Chinese Remainder Theorem is used to find all possible plaintexts. CRT takes more time to
find the solution of a set of congruent equations.

Deterministic Rabin Decryption Algorithm:

Input: Private Key: $(p_1, p_2)$, Ciphertext: $c_1$
Output: Plaintext: $m_1$

Step-1: Calculate $r_1 = c_1^{(p_1+1)/4} \pmod{p_1}$

Step-2: Calculate $r_2 = c_1^{(p_2+1)/4} \pmod{p_2}$

Step-3: Calculate $x_1 = (a_1 \times p_1 \times r_2 + a_2 \times p_2 \times r_1) \bmod N$

Step-4: Calculate $x_2 = (a_1 \times p_1 \times r_2 - a_2 \times p_2 \times r_1) \bmod N$

Step-5: Calculate $x_3 = -x_2 \pmod N$

Step-6: Calculate $x_4 = -x_1 \pmod N$

Step-7: Among $x_1$, $x_2$, $x_3$, $x_4$ return the message having redundancy; that is our original plaintext.

A worked example:

A real example uses prime numbers from 512 to 1024 bits long, similar to those used in RSA. For ease of
understanding, we have taken small values. Let $p_1$ and $p_2$ be prime numbers and $m_1$ the message. The example
of the proposed scheme is as follows: Let $p_1 = 7$, $p_2 = 11$ and message $m_1 = 3$; the public key is
$N = p_1 \times p_2 = 7 \times 11 = 77$. Then calculate $(-3) \times 7 + 2 \times 11 = 1$, so $a_1 = -3$ and $a_2 = 2$.
Since $m_1$ is a two-bit message, its bits are replicated to give 4 bits, till the number 63. The range of the message
is from 1 to 76, so redundancy of this type will work. The plaintext in binary form is written as $(11)_2$ or
$(3)_{10}$. This replication gives $(1111)_2$ or $(15)_{10}$. The ciphertext is $c_1 = (m_1)^2 \bmod 77 = 71$. The
decryption process is as follows.

$r_1 = 71^2 \bmod 7 = 1$ and $r_2 = 71^3 \bmod 11 = 4$; finally

$x_1 = ((-3) \times 7 \times 4 + 2 \times 11 \times 1) \bmod 77 = 15$

$x_2 = ((-3) \times 7 \times 1 - 2 \times 11 \times 4) \bmod 77 = 29$.

Two square roots among the four square roots are $x_1$ and $x_2$, and the remaining two are $x_3 = -x_1 \bmod 77 = 62$
and $x_4 = -x_2 \bmod 77 = 48$; hence the four square roots in binary format are: $15_{10} = 1111_2$,
$29_{10} = 11101_2$, $62_{10} = 111110_2$, $48_{10} = 110000_2$

The required redundancy is possible in $15_{10}$ only, so the number returned by the Deterministic Rabin machine is
$15_{10}$. The redundant bits are $11_2$ or $3_{10}$, which is the original plaintext message. The Deterministic Rabin
Cryptosystem is similar to the Rabin Cryptosystem; the only difference between them is that, in the Rabin
Cryptosystem, there are four answers of which any one is correct. Therefore, the Rabin cryptosystem is
non-deterministic. It produces four answers, and the correct result can be ascertained by checking the redundancy of
the answer in binary form or by using a repeated binary pattern like $(11\,11)_2$.
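The replication scheme and decryption Steps 1 to 7 above as an added example (not Bhatt et al.'s code; the function names, and reading "redundancy" as an even-length bit string whose two halves are equal, are assumptions). Besides the worked example it sweeps the toy modulus for ciphertexts where the redundancy check cannot single out one root.

```python
from math import gcd


def ext_gcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = ext_gcd(b, a % b)
    return g, y, x - (a // b) * y


def replicate(m):
    """Write the bits of m twice, e.g. 3 = 11 -> 1111 = 15."""
    bits = bin(m)[2:]
    return int(bits + bits, 2)


def redundant_half(x):
    """Return m if x is the bits of m written twice, else None."""
    bits = bin(x)[2:]
    half, odd = divmod(len(bits), 2)
    if odd or bits[:half] != bits[half:]:
        return None
    return int(bits[:half], 2)


def encrypt(m, n):
    x = replicate(m)
    if not 0 < x < n or gcd(x, n) != 1:
        raise ValueError("replicated message must lie in 1..N-1 and be coprime to N")
    return pow(x, 2, n)


def four_roots(c, p1, p2):
    """Steps 1 to 6 of the decryption algorithm above."""
    n = p1 * p2
    _, a1, a2 = ext_gcd(p1, p2)            # a1*p1 + a2*p2 = 1
    r1 = pow(c, (p1 + 1) // 4, p1)
    r2 = pow(c, (p2 + 1) // 4, p2)
    x1 = (a1 * p1 * r2 + a2 * p2 * r1) % n
    x2 = (a1 * p1 * r2 - a2 * p2 * r1) % n
    return sorted({x1, x2, -x2 % n, -x1 % n})


def candidates(c, p1, p2):
    """Messages whose replicated form is among the four roots (Step 7)."""
    halves = (redundant_half(x) for x in four_roots(c, p1, p2))
    return sorted(m for m in halves if m is not None)


def decrypt(c, p1, p2):
    found = candidates(c, p1, p2)
    if len(found) != 1:
        raise ValueError(f"redundancy does not single out one root: {found}")
    return found[0]


def ambiguous_messages(p1, p2):
    """Messages whose ciphertext has more than one redundant root."""
    n = p1 * p2
    out = []
    for m in range(1, n):
        x = replicate(m)
        if x < n and gcd(x, n) == 1 and len(candidates(pow(x, 2, n), p1, p2)) > 1:
            out.append(m)
    return out


if __name__ == "__main__":
    c = encrypt(3, 77)                      # worked example: 3 -> 15 -> 71
    print(c, four_roots(c, 7, 11), decrypt(c, 7, 11))
    print(ambiguous_messages(7, 11))        # constructed sweep over N = 77
```

On the toy modulus N = 77 the replicated forms of 2 and 5 (10 and 45) are both square roots of 23, so `decrypt` refuses that ciphertext instead of guessing.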

(Gani, 2019) performed a study of the Rabin and RSA cryptosystems and provided an insightful discussion. The
computation speeds of RSA and Rabin's Cryptosystem were roughly the same. Both algorithms' security relied on prime
integer factorization.

(Mahad, et.al. 2015) proposed an efficient method to overcome the four-to-one mapping problem of the Rabin
cryptosystem by reducing the phase space of the plaintext from $M \in Z_{pq}$ to $M \in (2^{2n-2}, 2^{2n-1}) \subset Z_{pq}$,
where $N = p \cdot q$ is a product of 2 strong primes $p, q \in (2^{2n}, 2^{2n+2})$. They calculated the public key
$N = p^2 \cdot q$ as in Okamoto-Uchiyama's scheme in 1998 and Schmidt-Samoa 2006. Private key $d = p \cdot q$.

Key generation: 

Input: The size n-bit of the prime numbers.

Output: A public key $N = p^2 \cdot q$ and the private key $d = p \cdot q$.

■ Generate two random and distinct n-bit strong primes p and q satisfying $p \equiv 3 \bmod 4$,
$2^{2n} < p < 2^{2n+2}$, $q \equiv 3 \bmod 4$, $2^{2n} < q < 2^{2n+2}$

■ Set $N = p^2 \cdot q$ and $d = p \cdot q$.

Encryption:

Input: A public key $N = p^2 \cdot q$ and the plaintext M
Output: The ciphertext C.

■ Plaintext is an integer $M \in (2^{2n-2}, 2^{2n-1}) \subset Z_{pq}$

■ Compute $C = M^2 \pmod N$

Decryption:

Input: the private key tuple (d, p, q) and the ciphertext C
Output: The plaintext M.

Step-1: Compute $V = C \pmod d$.

Step-2: Solve the square roots of V via CRT utilizing the private key pair (p, q).

Step-3: Return 4 possible plaintexts $M_1$, $M_2$, $M_3$ and $M_4$

Step-4: For i = 1 to 4 compute $W_i = \frac{C - M_i^2}{N}$

Step-5: Return the plaintext $M_i$ which produces $W_i \in Z$

The proof of correctness begins with the following lemma.

Lemma 1: Let the public key $N = p^2 \cdot q$ and $d = p \cdot q$. Choose $x \in Z_d$. If $y \equiv x^2 \pmod N$ and
$V \equiv y \pmod d$, then $V \equiv x^2 \pmod d$.

Proof of lemma 1:

$y = x^2 + N k_1$ where $k_1 \in Z$ .... Equ. (19)

$v = y + d k_2$ where $k_2 \in Z$ .... Equ. (20)

From Equ. (19, 20), we can write the equation $v = x^2 + N k_1 + d k_2$ and finally $v \equiv x^2 \bmod d$.

Proposition 2: Let C be an integer representing a cipher text encrypted by the Rabin-RZ scheme. Then
$C \equiv M^2 \pmod N$ has a unique solution for M.

Proof of proposition 2:

We begin with the proof of correctness of the decryption procedure. Since $M \in Z_d$, we will obtain all 4 roots of V
by solving $V \equiv C \pmod d$ using the CRT, and also by lemma 1, indeed $V \equiv M^2 \pmod d$. Furthermore, since
$M \in Z_d$ and d < N, certainly one of the roots is a solution for $C \equiv M^2 \pmod N$. We now proceed to prove the
uniqueness. We rewrite the congruence relation $C \equiv M^2 \pmod N$ as the equation $C = M^2 - Nt$ with $t \in Z$,
$M_1 \neq M_2$ and, for i = 1, 2, $M_i < 2^{2n-1}$. Then $M_1^2 - N t_1 = M_2^2 - N t_2$; using $N = p^2 \cdot q$, this
leads to $M_1^2 - M_2^2 = (t_1 - t_2) N$.

Case 1: $t_1 - t_2 \mid (M_1^2 - M_2^2)$. The probability that $t_1 - t_2 \mid (M_1^2 - M_2^2)$ and is not equal to zero is
$2^{-n}$. Conversely, the probability that $t_1 - t_2 \mid (M_1^2 - M_2^2)$ and is equal to zero is $1 - 2^{-n}$. Thus
$M_1^2 - M_2^2 = 0$ with probability $1 - 2^{-n}$, and since $M \in (2^{2n-2}, 2^{2n-1})$, $M_1 = M_2$; hence the
equation $C = M^2 - Nt$ has only one solution.

Case 2: $N \mid (M_1 + M_2)(M_1 - M_2)$. The condition that should be satisfied is either one of the following conditions.

$pq \mid (M_1 \pm M_2)$, $p^2 \mid (M_1 \pm M_2)$

or

$p \mid (M_1 \pm M_2)$, $q \mid (M_1 \pm M_2)$

Observe that $p \cdot q,\ p^2 > 2^{2n}$ while $M_1 + M_2 < 2 \cdot 2^{2n-1} = 2^{2n}$. This implies that neither condition is possible.

A worked example:

The scenario is that an entity A sends its public key to another entity B, and B encrypts. A chooses primes p = 100669, q = 69859 and computes $N = p^2 * q = 707968400363899$ and $d = 7032635671$. The message is $M = 1439948310$. B computes

$519659206359828 = 1439948310^2 \pmod{707968400363899}$ and sends it to A. A decrypts the message by computing $3691358296 = 519659206359828 \bmod 7032635671$. Then A uses the CRT and its private key S to compute the four square roots of 3691358296 modulo d, which are

■ $M_1 = 3890433108$, $M_2 = 1439948310$, $M_3 = 5592687361$, $M_4 = 3142202563$.

Then, to determine the correct message, A computes for i = 1 to 4:

$W_i = \frac{C - M_i^2}{N}$. Equ(21)

In this example only $M_2$ produces $W \in \mathbb{Z}$.

(Srivastava, et.al. 2013) presented an analysis of the Michael O. Rabin cryptosystem with the help of the Chinese Remainder Theorem. Redundancy schemes for decryption were also mentioned, some basic mathematical concepts were explained, and finally the scheme was compared with the RSA cryptosystem in terms of security and efficiency. The following descriptions cover the redundancy schemes.

Redundancy schemes for unique decryption:

To ensure that decryption returns the correct message it is necessary to have some redundancy in the message, or else to send some extra bits. We can use the following four solutions to overcome this problem.

Redundancy in the message for Rabin: For example, insist that the least significant $l$ bits (where $l > 2$ is some known parameter) of the binary string $m$ are all ones. If $l$ is big enough then it is unlikely that two different choices of square root would have the right pattern in the $l$ bits. A message $m$ is encoded as $x = 2^l m + (2^l - 1)$, and so the message space is $M_k = \{m : 1 \le m < N/2^l, \gcd(N, 2^l * m + (2^l - 1)) = 1\}$; alternatively, $M_k = \{0,1\}^{k-l-2}$. The ciphertext is $c = x^2 \pmod{N}$. Decryption involves computing the four square roots of c. If none, or more than one, of the roots has all $l$ least significant bits equal to one and so corresponds to an element of $M_k$ then decryption fails (return $\perp$). Otherwise output the message $m = \lfloor x/2^l \rfloor$.

A worked example:

Public key $N = p * q = 77$, private key p = 7, private key q = 11.

Let message $m = 15_{10} = 1111_2$.

Left most bits $= 11_2 = 3_{10} > 2$ and right most bits $= 11_2 = 3_{10}$.

Encoding message $x = 2^l * m + (2^l - 1) = 2^3 * 15 + (2^3 - 1) = 127$
$x^2 = 127^2 \bmod 77 = 36 = c$
Decryption involves computing the four square roots of c.

Computation of two square roots: $S_{r1} = 36^{\frac{7+1}{4}} \bmod 7 = \pm 1$, $S_{r2} = 36^{\frac{11+1}{4}} \bmod 11 = \pm 5$

Calculating the two Bezout coefficients using the extended Euclidean algorithm gives a = -3 and b = 2.

The Chinese Remainder Theorem gives four roots $(X_1, X_2, X_3, X_4)$ by combining the private key and the coefficients with the two square roots:

$X_1 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * 5 + 11 * 2 * 1) \bmod 77 = 71_{10}$
$X_2 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * -5 + 11 * 2 * -1) \bmod 77 = 6_{10}$
$X_3 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * 5 - 11 * 2 * 1) \bmod 77 = 27_{10}$
$X_4 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * -5 - 11 * 2 * -1) \bmod 77 = 50_{10}$

$X_1 = 71_{10}$ = 71, 35, 17, 8, 4, 2, 1 = $1000111_2$

$X_2 = 6_{10}$ = 6, 3, 1 = $110_2$

$X_3 = 27_{10}$ = 27, 13, 6, 3, 1 = $11011_2$

$X_4 = 50_{10}$ = 50, 25, 12, 6, 3, 1 = $110010_2$

If none, or more than one of the roots has all $l$ least significant bits equal to one and so corresponds to an element of

$\lfloor 127/2^3 \rfloor = 15$ which is desired plaintext.

Rabin padding scheme:

Public key $N = p * q = 77$, private key p = 7, private key q = 11, message $m = 5_{10} = 101_2$. By padding another $5_{10}$ the message extends to $m = 101101_2$, which is equivalent to $45_{10}$.

Encryption: $45^2 \bmod 77 = 23$

Decryption: Decryption involves computing the four square roots of c. Computation of two square roots:

$S_{r1} = 23^{\frac{7+1}{4}} \bmod 7 = \pm 4$, $S_{r2} = 23^{\frac{11+1}{4}} \bmod 11 = \pm 1$

Calculating the two Bezout coefficients using the extended Euclidean algorithm gives a = -3 and b = 2. The Chinese Remainder Theorem gives four roots $(X_1, X_2, X_3, X_4)$ by combining the private key and the coefficients with the two square roots.

$X_1 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * 1 + 11 * 2 * 4) \bmod 77 = 67_{10}$

$X_2 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * -1 + 11 * 2 * -4) \bmod 77 = 10_{10}$

$X_3 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * 1 - 11 * 2 * 4) \bmod 77 = 45_{10}$

$X_4 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * -1 - 11 * 2 * -4) \bmod 77 = 32_{10}$

Find the replicating bits after decimal to binary conversion:
$X_1 = 67_{10}$ = 67, 33, 16, 8, 4, 2, 1 = $1000011_2$
$X_2 = 10_{10}$ = 10, 5, 2, 1 = $1010_2$
$X_3 = 45_{10}$ = 45, 22, 11, 5, 2, 1 = $101101_2$
$X_4 = 32_{10}$ = 32, 16, 8, 4, 2, 1 = $100000_2$

Only root $X_3$ shows the replicating bits. To retrieve the original message, we have to remove the replicating bits and reveal message $m = 5_{10}$.

Extra bits for Rabin:

Send two extra bits of information to specify the square root. For example, one could send the value $b_1 = (\frac{m}{N})$ of the Jacobi symbol (the set $\{-1, 1\}$ can be encoded as a bit under the map $x \mapsto (x + 1)/2$), together with the least significant bit $b_2$ of the message. The cipher text space is now $C_k = (\mathbb{Z}/N\mathbb{Z})^* \times \{0,1\}^2$ and, for simplicity of exposition, $M_k = (\mathbb{Z}/N\mathbb{Z})^*$. These two bits allow unique decryption, since $(\frac{-1}{N}) = 1$, m and N-m have the same Jacobi symbol, and if m is odd then N-m is even. Indeed, when using the CRT to compute square roots one computes $m_p$ and $m_q$ such that $(\frac{m_p}{p}) = (\frac{m_q}{q}) = 1$. Then decryption using the bits $b_1, b_2$ is: if $b_1 = 1$ then the decryption is $\pm CRT(m_p, m_q)$ and if $b_1 = -1$ then the solution is $\pm CRT(-m_p, m_q)$. This scheme is close to optimal in terms of cipher text expansion and decryption never fails. The drawbacks are that the cipher text contains some information about the message, and encryption involves computing the Jacobi symbol, which typically requires far more computational resources than the single squaring modulo N.

A worked example:

Public key $N = p * q = 77$, private key p = 7, private key q = 11, message m = 15. Root selection bit

$b_1 = m \bmod 2 = 15 \bmod 2 = 1$

Message identification bit $b_2$:

$b_2 = (\frac{15}{77}) = (\frac{15}{7})(\frac{15}{11}) = 1^{\frac{7-1}{2}} \bmod 7 * (2^2)^{\frac{11-1}{2}} \bmod 11$

Encipher $c = 15^2 \bmod 77 = 71$.
Then decryption uses the bits $b_1, b_2$ after computing the four square roots of c.

Computation of two square roots: $S_{r1} = 71^{\frac{7+1}{4}} \bmod 7 = \pm 1$, $S_{r2} = 71^{\frac{11+1}{4}} \bmod 11 = \pm 4$

$(\frac{15}{7}) = 1$ and $(\frac{15}{11}) = (2^2)^{\frac{11-1}{2}} \bmod 11 = 1$. Therefore $(\frac{15}{77}) = 1$.

Calculating the two Bezout coefficients using the extended Euclidean algorithm gives a = -3 and b = 2. The Chinese Remainder Theorem gives four roots $(X_1, X_2, X_3, X_4)$ by combining the private key and the coefficients with the two square roots:

$X_1 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * 4 + 11 * 2 * 1) \bmod 77 = 15_{10}$

$X_2 = (p * a * S_{r2} + q * b * S_{r1}) \bmod N = (7 * -3 * -4 + 11 * 2 * -1) \bmod 77 = 62_{10}$

$X_3 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * 4 - 11 * 2 * 1) \bmod 77 = 48_{10}$

$X_4 = (p * a * S_{r2} - q * b * S_{r1}) \bmod N = (7 * -3 * -4 - 11 * 2 * -1) \bmod 77 = 29_{10}$
Now select the two roots specified by bit $b_1$: $\{X_1, X_4\} = \{15, 29\}$.

Now compute the Jacobi symbol of both of them.

$(\frac{15}{77}) = (\frac{15}{7})(\frac{15}{11}) = (\frac{1}{7})(\frac{4}{11}) = 1 * (2^2)^{\frac{11-1}{2}} \bmod 11 = 1 * 1 = 1$

$(\frac{29}{77}) = 1 * (-1) = -1$

As we can see, the Jacobi symbol $(\frac{15}{77})$ is equivalent to $b_2$. Therefore the original message m = 15 is retrieved.

Let $N = p * q$ where $p, q \equiv 3 \pmod{4}$. If $p \not\equiv \pm q \pmod{8}$ then $(\frac{2}{N}) = -1$. Hence, for every $1 \le x < N$ exactly one of $x, N - x, 2x, N - 2x$ is a square modulo N. Without loss of generality we therefore assume that $p \equiv 3 \pmod{8}$ and $q \equiv 7 \pmod{8}$. The integer N is called a Williams integer in this situation. Williams [629] suggests encoding a message $1 \le m < N/8 - 1$ (alternatively, $m \in M_k = \{0,1\}^{k-5}$) as an integer x such that x is even and $(\frac{x}{N}) = 1$ (and so x or -x is a square modulo N) by

$x = P(m) = \begin{cases} 4(2m + 1) & \text{if } (\frac{2m+1}{N}) = 1 \\ 2(2m + 1) & \text{if } (\frac{2m+1}{N}) = -1 \end{cases}$ Equ. (22)

The encryption of m is then $c = P(m)^2 \pmod{N}$. One has $C_k = (\mathbb{Z}/N\mathbb{Z})^*$. To decrypt one computes square roots to obtain the unique even integer $1 < x < N$ such that $(\frac{x}{N}) = 1$ and $x^2 \equiv c \pmod{N}$. If $8 \mid x$ then decryption fails (return $\perp$). Otherwise, return $m = (x/2 - 1)/2$ if $x \equiv 2 \pmod{4}$ and $m = (x/4 - 1)/2$ if $x \equiv 0 \pmod{4}$. Unlike the extra bits scheme, this does not reveal information about the cipher text. It is almost optimal from the point of view of cipher text expansion. But it still requires the encrypter to compute a Jacobi symbol, which loses the performance advantage of Rabin over RSA. The Rabin cryptosystem with the Williams padding is sometimes called the Rabin-Williams cryptosystem.


A worked example: Assume that $p_1 \equiv 3 \pmod{8}$ and $p_2 \equiv 7 \pmod{8}$. The integer N is called a Williams integer in this situation. Hence $p_1 = 8k + 3 = 11$ where $k = 1 \ldots p_1 - 1$, and $p_2 = 8k + 7 = 23$ where $k = 1 \ldots p_2 - 1$, so $N = p * q = 253$. Message m = 13. Williams suggests encoding a message in the space $1 \le m < N/8 - 1$ as an integer x such that x is even and $(\frac{x}{N}) = 1$ (and so x or -x is a square modulo N) by

$x = P(m) = \begin{cases} 4(2m + 1) & \text{if } (\frac{2m+1}{N}) = 1 \\ 2(2m + 1) & \text{if } (\frac{2m+1}{N}) = -1 \end{cases}$ Equ. (23)

$(\frac{2m+1}{N}) = (\frac{27}{253}) = (\frac{27}{11})(\frac{27}{23}) = (\frac{5}{11})(\frac{4}{23}) = 5^{\frac{11-1}{2}} \bmod 11 * 4^{\frac{23-1}{2}} \bmod 23 = 1$

$x = P(m) = 4(2 * 13 + 1) = 108$, so $c = x^2 = P(m)^2 \bmod N = 108^2 \bmod 253 = 26$.

Decryption Process:

To decrypt, one has to compute square roots to obtain the unique even integer $1 < x < N$ such that $(\frac{x}{N}) = 1$ and $x^2 \equiv c \pmod{N}$.

Root $c_1 = C^{\frac{11+1}{4}} \bmod 11 = 9$ and root $c_2 = C^{\frac{23+1}{4}} \bmod 23 = 16$. Now find the two Bezout coefficients from the extended Euclidean algorithm for the primes $p_1, p_2$, that is a = -2 and b = 1, and apply those to the CRT.

$x_1 = (11 * -2 * 16 + 23 * 1 * 9) \bmod 253 = 108$
$x_2 = 253 - 108 = 145$

$x_3 = (11 * -2 * 16 - 23 * 1 * 9) \bmod 253 = 200$
$x_4 = 253 - 200 = 53$

The Jacobi symbol has to be computed after selecting the even roots $X_1$ and $X_3$ among the four, as follows:

$(\frac{X_1}{N}) = (\frac{108}{253}) = (\frac{108}{11})(\frac{108}{23}) = (\frac{9}{11})(\frac{16}{23}) = (\frac{3}{11})^2 (\frac{4}{23})^2 = (3^{\frac{11-1}{2}} \bmod 11)^2 * (4^{\frac{23-1}{2}} \bmod 23)^2 = 1$

Since we achieve a positive Jacobi symbol, we do not need to calculate the other one.
If $8 \mid X_1$ then decryption fails (return $\perp$). Otherwise, return the expected message

$m = (X_1/2 - 1)/2$ iff $X_1 \equiv 2 \pmod{4}$ and
$m = (X_1/4 - 1)/2$ iff $X_1 \equiv 0 \pmod{4}$.

Since $108 \equiv 0 \pmod{4}$, message $m = \frac{108/4 - 1}{2} = 13$ is retrieved.
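The three ways of picking one root out of four described above (redundancy bits, extra bits, Williams padding), run on the toy keys of the worked examples. This is an added Python example, not code from the thesis or the works it cites, and all function names are illustrative. The redundancy encoder enforces x < N: with N = 77 and l = 3 the message 15 encodes to 127, which wraps modulo N, so the constructed message m = 5 is used for that scheme.

```python
from math import gcd

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:              # (2/n) = -1 iff n = 3 or 5 (mod 8)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                    # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0     # 0 when gcd(a, n) > 1

def four_roots(c, p, q):
    """All square roots of c modulo N = p*q, for primes p, q = 3 (mod 4)."""
    n = p * q
    rp = pow(c, (p + 1) // 4, p)       # candidate root modulo p
    rq = pow(c, (q + 1) // 4, q)       # candidate root modulo q
    if rp * rp % p != c % p or rq * rq % q != c % q:
        return []                      # c is not a square modulo N
    ep = q * pow(q, -1, p)             # CRT basis: 1 mod p, 0 mod q
    eq = p * pow(p, -1, q)             # CRT basis: 0 mod p, 1 mod q
    return sorted({(sp * rp * ep + sq * rq * eq) % n
                   for sp in (1, -1) for sq in (1, -1)})

# --- Redundancy in the message: the low l bits of x are all ones ---
def encrypt_redundancy(m, n, l):
    x = (m << l) | ((1 << l) - 1)      # x = 2^l * m + (2^l - 1)
    if m < 1 or x >= n or gcd(x, n) != 1:
        raise ValueError("encoded message is outside the message space")
    return x * x % n

def decrypt_redundancy(c, p, q, l):
    mask = (1 << l) - 1
    hits = [x for x in four_roots(c, p, q) if x & mask == mask]
    return hits[0] >> l if len(hits) == 1 else None   # None: decryption fails

# --- Extra bits: send parity and Jacobi symbol next to c ---
def encrypt_extra_bits(m, n):
    return m * m % n, m % 2, jacobi(m, n)

def decrypt_extra_bits(c, parity, symbol, p, q):
    hits = [x for x in four_roots(c, p, q)
            if x % 2 == parity and jacobi(x, p * q) == symbol]
    return hits[0] if len(hits) == 1 else None

# --- Williams padding: N = p*q with p = 3 (mod 8), q = 7 (mod 8) ---
def encrypt_williams(m, n):
    t = 2 * m + 1
    symbol = jacobi(t, n)
    if not 1 <= m < n / 8 - 1 or symbol == 0:
        raise ValueError("message is outside the message space")
    x = 4 * t if symbol == 1 else 2 * t   # (2/N) = -1, so (x/N) = 1 either way
    return x * x % n

def decrypt_williams(c, p, q):
    n = p * q
    hits = [x for x in four_roots(c, p, q)
            if x % 2 == 0 and jacobi(x, n) == 1]
    if len(hits) != 1 or hits[0] % 8 == 0:
        return None                        # decryption fails
    x = hits[0]
    return (x // 2 - 1) // 2 if x % 4 == 2 else (x // 4 - 1) // 2

if __name__ == "__main__":
    print("roots of 36 mod 77:", four_roots(36, 7, 11))
    c = encrypt_redundancy(5, 77, 3)       # constructed message, x = 47 < 77
    print("redundancy:", c, "->", decrypt_redundancy(c, 7, 11, 3))
    # c = 36 is 127^2 mod 77; 127 wrapped to 50, and root 71 carries the pattern
    print("wrapped x = 127:", decrypt_redundancy(36, 7, 11, 3))
    print("extra bits:", decrypt_extra_bits(*encrypt_extra_bits(15, 77), 7, 11))
    print("Williams:", decrypt_williams(encrypt_williams(13, 253), 11, 23))
```
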


2.3 Michael O. Rabin Signature Scheme 

The Rabin signature algorithm in cryptography is a method of digital signature originally proposed by Michael O. Rabin in 1979. The Rabin signature algorithm was one of the first digital signature schemes proposed, and it is the only one that relates the hardness of forgery directly to the problem of integer factorization. The Rabin signature algorithm is existentially unforgeable in the random oracle model assuming the integer factorization problem is intractable. The Rabin signature algorithm is also closely related to the Rabin cryptosystem. The security of the Rabin signature relies on the difficulty of integer factorization.

Unique Signature Algorithm:

$H(m)^{\frac{p-1}{2}} \bmod p = 1$ and $H(m)^{\frac{q-1}{2}} \bmod q = 1$, where a hash function H is collision resistant if it is hard to find two inputs that hash to the same output. That H is a collision resistant hash function does not mean that no collision exists, simply that collisions are hard to find. The cryptographic hash function is any mathematical equation. Message m is being hashed (encrypted). The hash value 1 is generated by using private keys p and q. Obtaining the same hash value from different hashed inputs is what collision resistance is about.

The signature S is given by the following equation.

$S = ((p^{q-2} H(m)^{\frac{q+1}{4}} \bmod q)\, p + (q^{p-2} H(m)^{\frac{p+1}{4}} \bmod p)\, q) \bmod (pq)$

Verification is by $H(m) = S^2 \bmod N$, where $N = p * q$. The signature can be verified by everyone as N is the public key.

The worked example:

Assuming that p = 7 and q = 11 using 4k+3 prime formation. The public key is $N = p * q = 77$. The hashed message is $H(m) = 20^2 \bmod 77 = 15$, also coming from $13^2 \bmod 77$. Let us see the collision resistant hash value: $15^{\frac{7-1}{2}} \bmod 7 = 1$ and $15^{\frac{11-1}{2}} \bmod 11 = 1$, which is vulnerable to a collision attack because a collision attack on a cryptographic hash tries to find two inputs producing the same hash value.

Signature $S = ((7^{11-2} * 15^{\frac{11+1}{4}} \bmod 11) * 7 + (11^{7-2} * 15^{\frac{7+1}{4}} \bmod 7) * 11) \bmod 77$

$= (6 * 7 + 2 * 11) \bmod 77 = 64$, so the signature is unique.

Signature verification: $H(m) = S^2 \bmod 77 = 64^2 \bmod 77 = 15$.

Since H(m) = H(m), the signature is valid and accepted by the verifier.

Pairing Signature Algorithm-1: 

It is insecure without hash function. 

Key Generation:

■ The signer S chooses two primes p, q and computes N = p * q. S chooses a random b (0 < b < N).

■ The public key is (N, b).

■ The private key is (p, q).

Signing:

■ To sign a message m the signer S picks random padding U, calculates (m * U) mod N and solves the equation x(x + b) mod N = (m * U) mod N.

■ If there is no solution S picks a new pad U and tries again.

■ Else the signature on m is the pair (U, x).

Verification:

Given a message m and a signature (U, x) the verifier V checks the equality of x(x + b) mod N and (m * U) mod N. If equality is found, the signature is accepted as valid.

A worked example: Assuming that the private keys are p = 7, q = 11 using 4k + 3 prime formation, the public keys are N = p * q = 77 and b = 2. Here m is the hash value $H(x) = 13^2 \bmod 77 = 15$. Let random padding u = 13, x = 13, those that are suited for the following equation. Attempts continue until the two sides are equal.

x(x + b) mod N
=> 15(15 + 2) mod 77
= 24

m * U mod N
=> (15 * 17) mod 77
= 24

The equation is solvable, which is why the signature on m is the pair (17, 15).

Verification message:

The verifier checks the equality by calculating x(x + b) mod N and (m * U) mod N. If x(x + b) mod N = (m * U) mod N, the signature (17, 15) on m is valid and accepted.

Pairing Signature Algorithm-2: 

It is secure with hash function. In most presentations in modern terminology the algorithm is simplified by choosing b = 0. The algorithm relies on a collision-resistant hash function $H: \{0,1\}^* \to \{0,1\}^k$. The hash function H with k output bits is assumed to be a random oracle (certain decision problem is solved by single operation) and the algorithm works as follows:

Key Generation:

■ The signer S chooses primes p, q and computes the product N = p * q.

■ The public key is N.

■ The private key is (p, q).

Signing:

■ Signer S picks random padding U to sign a message m and calculates H(m * U) mod N. S then solves the equation $x^2 = H(m * U) \bmod N$.

■ If there is no solution S picks a new pad U and tries again.

■ Else the signature on m is (U, x).

Verification:

Given a message m and a signature (U, x) the verifier V checks the equality of $x^2 \bmod N$ and H(m * U) mod N. If equality is found, the signature is accepted as valid.

A worked example:

Assuming that Alice wants to send secret information (X = 20) to Bob using a valid signature. She first hashes the secret by $m^2 \bmod N = 20^2 \bmod 77 = 15$, where N is a composite number of two secret private keys, the moduli p = 7 and q = 11, both of which are Blum primes (4k+3). The public key or modulus is N = p * q = 7 * 11 = 77. The hashed value 15 will be used to generate the signature. Signing: (15, 25, 12). To do that, the signer S first chooses the number U probabilistically and sees whether the value of the random oracle modulo N matches any quadratic residue modulo N. This process continues until both sides of the equation match the hash. Let U = 25, for which 15 * 25 mod 77 = 67, and now take an x value from which the quadratic residue 67 can be obtained.

m * U mod N = 15 * 25 mod 77 = 67

$x^2 \bmod N = 12^2 \bmod 77 = 67$

Now both sides are equal so the verifier accepts the signature as valid.


2.3.1 Existing Research on Michael O. Rabin Signature Scheme 


The Rabin signature of a message m may consist of a single value or a pair (m, S). However, if $x^2 = m \bmod N$ has no solution, this signature cannot be directly generated. To overcome this obstruction, a random pad U was proposed by (Pieprzyk, et.al. 2003) and attempts are repeated until $x^2 = (m * U) \bmod N$ is solvable, and thus the signature is the triple (m, U, S). A verifier compares m * U mod N with $S^2$ and accepts the signature as valid when these two numbers are equal. (Williams, 1980) devised a modification of the Rabin system which allows the cryptographer to decide definitively which of the four square roots the original message is. The security of the Rabin-Williams signature system relies on the difficulty of finding square roots. But it did not offer multiple signature facilities in a single document. It avoids the forgery vulnerability, while that scheme requires the use of two primes respectively congruent to 3 and 7 modulo 8. Moreover, in the Rabin-Williams scheme a message cannot be signed twice in two different ways, otherwise the factorization of N might get exposed. (Elia, et.al. 2011 & 2012) presented a modification of the H. C. Williams scheme based on the computation of a Jacobi symbol, where a deterministic pad is used for two purposes, as follows.

Signing using deterministic pad-1:

The following is the deterministic pad calculation method for non-Blum primes when m is a QNR. When m is not a quadratic residue, we use the Jacobi symbol to compute a suitable pad and obtain quadratic residues modulo p and q. The quadratic equation $x^2 = m \bmod N$ is solvable if and only if m is a quadratic residue modulo N, that is, m is also a quadratic residue modulo p and modulo q.



. Equ( 24) 

(t)I- 

.... £qit(25) 

$m = \{m_1\psi_1 + m_2\psi_2\} \bmod N$. Equ(26)

$x^2 = (m_1\psi_1 + m_2\psi_2)(f_1\psi_1 + f_2\psi_2) = (f_1 m_1 \psi_1 + f_2 m_2 \psi_2) \bmod N$, where $f_1 m_1$ and $f_2 m_2$ are quadratic residues modulo p and modulo q respectively, since $(\frac{f_1 m_1}{p}) = (\frac{f_2 m_2}{q})$, so

$U = R^2\{f_1\psi_1 + f_2\psi_2\}$. Equ(27)


A worked example: Assuming that Alice wants to send secret information (x = 97) to Bob using a valid signature. She first hashes the secret by $x^2 \bmod N = 97^2 \bmod 377 = 361$, where N is a composite number of two secret private keys, the moduli p = 13 and q = 29, with public key or modulus N = p * q = 13 * 29 = 377. The hashed value 361 will be used to generate the signature.

$m_1 = 361 \bmod 13 = 10$, $m_2 = 361 \bmod 29 = 13$

The Legendre symbol $(\frac{10}{13})$ is quadratic residue = +1

$1^2 \bmod 13 = 1$, $2^2 \bmod 13 = 4$, $3^2 \bmod 13 = 9$, $4^2 \bmod 13 = 3$, $5^2 \bmod 13 = 12$, $6^2 \bmod 13 = 10$, $7^2 \bmod 13 = 10$, $8^2 \bmod 13 = 12$, $9^2 \bmod 13 = 3$, $10^2 \bmod 13 = 9$, $11^2 \bmod 13 = 4$, $12^2 \bmod 13 = 1$. $13^2 \bmod 13 = 0$, which is why the calculation is done up to p-1. Hence, 10 over 13 is a quadratic residue under modulo 13 that appears exactly twice.

The Legendre symbol $(\frac{13}{29})$ is quadratic non residue = -1

$1^2 \bmod 29 = 1$, $2^2 \bmod 29 = 4$, $3^2 \bmod 29 = 9$, $4^2 \bmod 29 = 3$, $5^2 \bmod 29 = 12$, $6^2 \bmod 29 = 7$, $7^2 \bmod 29 = 20$, $8^2 \bmod 29 = 6$, $9^2 \bmod 29 = 23$, $10^2 \bmod 29 = 13$, $11^2 \bmod 29 = 5$, $12^2 \bmod 29 = 28$, $13^2 \bmod 29 = 24$, $14^2 \bmod 29 = 22$, $15^2 \bmod 29 = 22$, $16^2 \bmod 29 = 24$, $17^2 \bmod 29 = 28$, $18^2 \bmod 29 = 5$, $19^2 \bmod 29 = 13$, $20^2 \bmod 29 = 23$, $21^2 \bmod 29 = 6$, $22^2 \bmod 29 = 20$, $23^2 \bmod 29 = 7$, $24^2 \bmod 29 = 25$, $25^2 \bmod 29 = 16$, $26^2 \bmod 29 = 9$, $27^2 \bmod 29 = 4$, $28^2 \bmod 29 = 1$. 13 over 29 is a quadratic non residue under modulo 29 that appears exactly once. Now, using Equ.(24, 25, 26, 27), the signature is calculated as follows.

$f_1 = \frac{10}{2}\left[1 - (\frac{10}{13})\right] + \frac{1}{2}\left[1 + (\frac{10}{13})\right] = \frac{10}{2}\{1 - 1\} + \frac{1}{2}\{1 + 1\} = 1$

$f_2 = \frac{13}{2}\left[1 - (\frac{13}{29})\right] + \frac{1}{2}\left[1 + (\frac{13}{29})\right] = \frac{13}{2}\{1 - (-1)\} + \frac{1}{2}\{1 + (-1)\} = 13$

$m = m_1\psi_1 + m_2\psi_2 \bmod N = 10 * 117 + 13 * (-116) \bmod 377$

$= -338 \bmod 377 = 377 - 338 = 39$

$x^2 = (m_1\psi_1 + m_2\psi_2)(f_1\psi_1 + f_2\psi_2) = (f_1 m_1 \psi_1 + f_2 m_2 \psi_2) \bmod N$

$= 1 * 10 * 117 + 13 * 13 * (-116)$

$= -18434 \bmod 377$

$= (377 * 49) - 18434$

$= 18473 - 18434 = 39$

The deterministic padding factor is as follows.

$U = R^2\{f_1\psi_1 + f_2\psi_2\} = 1^2\{1 * 117 + 13(-116)\} \bmod 377$

$= -1391 \bmod 377 = (377 * 4) - 1391 = 1508 - 1391 = 117$.

S is the solution of the equation $x^2 = (m * U) \bmod N = 39 * 117 \bmod 377 = 39$

Signed message: (39, 117, 39)

Verification:

The signer S verifies the equation $x^2 = (m * U) \bmod N = 39 * 117 \bmod 377 = 39$. Since L.H.S (39) = R.H.S (39), the signature is valid for message 97. This is deterministically true as $x^2$ is pre-calculated, but probabilistically there is no such x value for which $x^2 = (m * U) \bmod N$ is true.

Signing using deterministic pad-2: The following is the deterministic pad calculation method for Blum primes (4k+3) when m is a QNR.

$f_1 = (\frac{m_1}{p})$. Equ(28), $f_2 = (\frac{m_2}{q})$. Equ(29)

$m = \{m_1\psi_1 + m_2\psi_2\} \bmod N$. Equ(30)

$x^2 = (m_1\psi_1 + m_2\psi_2)(f_1\psi_1 + f_2\psi_2) = (f_1 m_1 \psi_1 + f_2 m_2 \psi_2) \bmod N$, where $f_1 m_1$ and $f_2 m_2$ is a

quadratic residue modulo p and modulo q respectively, since = ()f) » (~^) = (y) so that (~y) = 

(v)©" 1 ' u=rH ft’h+kM . 

S is the solution of the equation $x^2 = (m * U) \bmod N$.
Signed message: (m, U, S)

Verification: check the equation $S^2 = (m * U) \bmod N$. The signature is valid if and only if the equation is true.

A worked example: Assuming that Alice wants to send secret information (x = 20) to Bob using a valid signature. She first hashes the secret by $x^2 \bmod N = 20^2 \bmod 77 = 15$, where N is a composite number of two secret private keys, the moduli p = 7 and q = 11, with public key or modulus N = p * q = 7 * 11 = 77. The hashed value 15 will be used to generate the signature. Now, using Equ.(28, 29, 30, 31), the following problem has been solved.

$m_1 = 15 \bmod 7 = 1$, $m_2 = 15 \bmod 11 = 4$, $f_1 = (\frac{1}{7}) = 1$.

First let's check whether 1 over 7 is a quadratic residue or not. For that purpose, we have to check from 1 to p-1.

$1^2 \bmod 7 = 1$, $2^2 \bmod 7 = 4$, $3^2 \bmod 7 = 2$, $4^2 \bmod 7 = 2$, $5^2 \bmod 7 = 4$, $6^2 \bmod 7 = 1$. It's clear that 1 over 7 is a quadratic residue modulo 7.

$f_2 = (\frac{4}{11}) = (\frac{2}{11})(\frac{2}{11}) = (-1)(-1) = 1$. According to the Legendre symbol, first let's check whether 2 over 11 is a quadratic residue or not. For that purpose, we have to check from 1 to p-1. $1^2 \bmod 11 = 1$, $2^2 \bmod 11 = 4$, $3^2 \bmod 11 = 9$, $4^2 \bmod 11 = 5$, $5^2 \bmod 11 = 3$, $6^2 \bmod 11 = 3$, $7^2 \bmod 11 = 5$, $8^2 \bmod 11 = 9$, $9^2 \bmod 11 = 4$, $10^2 \bmod 11 = 1$. It's clear that 2 over 11 is not a quadratic residue modulo 11.

$m = m_1\psi_1 + m_2\psi_2 \bmod N = 1 * 22 + 4(-21) \bmod 77 = 15$
$x^2 = (m_1\psi_1 + m_2\psi_2)(f_1\psi_1 + f_2\psi_2) = (f_1 m_1 \psi_1 + f_2 m_2 \psi_2) \bmod N$

$= \{1 * 1 * 22 + 1 * 4 * (-21)\} \bmod 77 = 15$

$U = R^2\{f_1\psi_1 + f_2\psi_2\} = 1^2\{1 * 22 + 1 * (-21)\} = 1$. Choose such an R value for which m * U mod N is equal to $x^2$ (pre-calculated).

Signed message: {15, 1 and 15}, where S is the solution of the equation $x^2 = (m * U) \bmod N$. In these circumstances we do not need to find such an x value to solve the equation $x^2 = (m * U) \bmod N$, as this method is deterministic. But it would be necessary to find such an x value if it were probabilistic. Verification: check the equation $S^2 = (m * U) \bmod N$; the signature is valid if and only if the equation is true. The right side is 15 * 1 mod 77 = 15, and $S^2$ is equivalent to $x^2$, whose value 15 is already computed. Since L.H.S = R.H.S, the signature is accepted as valid.

Using a deterministic pad as above allows different signatures of the same document. It is vulnerable to forgery attacks. It is relatively easy to compute $S^2 \bmod N$, choose any message m' and compute the multiplicative inverse of m' (hash value of m), compute $U' = S^2 * m'^{-1} \bmod N$ and forge the signature as (m', U', S) without knowing the factorization of N. The following variant counters the forgery attack or vulnerability of Rabin's signature.

Signed Message: $(m, U * R^2 \bmod N, S * R^3 \bmod N, R^4 \bmod N)$, so the signature is a four tuple where U is the padding factor and R is a randomly selected number. Here S is the value of x for which the equation $x^2 = (m * U) \bmod N$ is true. It is clearly seen that x and U are both unknown numbers which have to be chosen by entity A in order to generate the signature.

Verification: The verifier computes $(S * R^3)^2 \bmod N$ and $(m * U * R^2 * R^4) \bmod N$ and accepts the signature as valid if and only if the aforesaid two numbers are equal.

A worked example: Assuming preprocessed m' = 15, $U * R^2 = 25 * 3^2 \bmod 77 = 71$, $S * R^2 = 12 * 3^2 = 108 \bmod 77 = 48$ and $3^4 \bmod 77 = 4$. So the signature (15, 71, 48, and 4) is a four tuple. The verification computations are as follows:

■ $(12 * 3^3)^2 \bmod 77 = (12^2 \cdot 3^6) \bmod 77 = 25$ and

■ $15 * 25 * 3^2 * 3^4 \bmod 77 = 25$

Counter forgery 4-tuple signature (15, 71, 48, and 41) verification is successful, so the signature is valid and accepted.
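Why the unhashed triple (m, U, S) is forgeable as described above, next to a check in the spirit of "Pairing Signature Algorithm-2" where the pad is bound to the message by a hash. This is an added Python example, not code from the thesis or the cited papers; SHA-256 over the message bytes followed by the pad, the function names, and the second key built from the Mersenne primes 2^31 - 1 and 2^61 - 1 are assumptions made for the illustration.

```python
import hashlib

# Toy key from the worked examples (N = 77) and a larger constructed key.
TOY_N = 7 * 11
P, Q = 2**31 - 1, 2**61 - 1          # both primes are 3 (mod 4)

def verify_plain(m, U, S, n):
    """Unhashed check from the text: accept when S^2 = m * U (mod N)."""
    return S * S % n == m * U % n

def malleable_pad(m_new, S, n):
    """U' = S^2 * m'^-1 mod N: the pad for any other message needs no private key."""
    return S * S * pow(m_new, -1, n) % n

def digest(message, U, n):
    """H(message || U) reduced modulo N (SHA-256 is an assumption of this example)."""
    data = message + U.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign_hashed(message, p, q):
    """Try pads U until H(message || U) is a square modulo p and q, then take a root."""
    n = p * q
    for U in range(1 << 16):
        h = digest(message, U, n)
        rp = pow(h, (p + 1) // 4, p)
        rq = pow(h, (q + 1) // 4, q)
        if rp * rp % p == h % p and rq * rq % q == h % q:
            S = (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % n   # CRT
            return U, S
    raise RuntimeError("no usable pad found")

def verify_hashed(message, U, S, n):
    """Accept when S^2 = H(message || U) (mod N); U cannot be solved for algebraically."""
    return S * S % n == digest(message, U, n)

if __name__ == "__main__":
    # Genuine triple from the worked example: 12^2 = 15 * 25 = 67 (mod 77).
    print("genuine triple accepted:", verify_plain(15, 25, 12, TOY_N))
    # Same S, different message 20: the pad follows from public values only.
    U_new = malleable_pad(20, 12, TOY_N)
    print("re-padded triple accepted:", (20, U_new, 12), verify_plain(20, U_new, 12, TOY_N))
    # Hash-bound variant: the signature does not transfer to another message.
    U, S = sign_hashed(b"pay 10", P, Q)
    print("hashed, same message:", verify_hashed(b"pay 10", U, S, P * Q))
    print("hashed, other message:", verify_hashed(b"pay 9000", U, S, P * Q))
```
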

(Elia, et.al, 2013) also described a crypto intensive technique on the Rabin cryptosystem based on group isomorphism. It is a combination of homomorphism and bijection. A possible solution is to use a function $d$ defined from $\mathbb{Z}_N$ into a group G of the same order, and define a function $d_1$ such that $d_1(x_1) = d(x_2)$. The public key consists of the two functions $d$ and $d_1$. At the encryption stage, both are evaluated at the same argument, the message m, and the minimum information necessary to distinguish their values is delivered together with the encrypted message. The decryption operations are obvious. The true limitation of this scheme is that $d$ must be a one-way function, otherwise two square roots that allow us to factor N can be recovered as in the residuosity subsection. This approach works as follows: given N, let $P = \mu N + 1$, computed as the smallest prime using the Mobius function, which certainly exists by Dirichlet's theorem (Apostol, 1976) and is congruent to 1 modulo N. Let g be a primitive element generating the multiplicative group $\mathbb{Z}^*_P$.

Define $g_1 = g^{\mu}$ and $g_2 = g^{\mu(\psi_1 - \psi_2)}$, and as usual let m denote the message.

Public key: $\{N, P, g_1, g_2\}$

Encryption stage: $\{C, b_0, d_1, d_2, p_1, p_2\}$ where $C = m^2 \bmod N$, $b_0 = m \bmod 2$, $p_1$ is a position in the binary expansion of $g_1^m \bmod P$ whose bit $d_1$ is different from the bit in the corresponding position of the binary expansion of $g_2^m \bmod P$, and $p_2$ is a position in the binary expansion of $g_1^{-m} \bmod P$ whose bit $d_2$ is different from the bit in the corresponding position of the binary expansion of $g_2^{-m} \bmod P$.

Decryption stage:

- Compute, as in (3), the four roots, written as positive numbers.

- Take the two roots having the same parity specified by $b_0$, say $z_1$ and $z_2$.

- Compute $A = g_1^{z_1} \bmod P$ and $B = g_1^{z_2} \bmod P$.

- Between $z_1$ and $z_2$, the root is selected that has the correct bits $d_1$ and $d_2$ in both the given positions $p_1$ and $p_2$ of the binary expansion of A or B. The algorithm is justified by the following Lemma.

Lemma 6. The power $g_0 = g^{\mu}$ generates a group of order N in $\mathbb{Z}^*_P$, thus the correspondence $x \leftrightarrow g_0^x$ establishes an isomorphism between a multiplicative subgroup of $\mathbb{Z}^*_P$ and the additive group of $\mathbb{Z}^*_N$.

A worked example:

An isomorphism (homomorphism + bijection) establishes a mathematical mapping or operation between a multiplicative subgroup of integers $\mathbb{Z}_P$ and the additive group of integers $\mathbb{Z}_N$. These are the multiplicative subgroups $G^*_7$ and $G^*_{11}$ that have been introduced in appendix C. It can be seen that each row is a permutation of another row, except the first row. Simply, we can say two mathematical objects are isomorphic if an isomorphism exists among them. The additive group of a composite number has been shown in appendix C.

According to the pre-definition, let p = 7, q = 11, N = 77, $P = \mu N + 1 = \mu(N) + 1 = (-1)^2 + 1 = 2$, 1st generator of group $g_1 = g^{\mu}$ and 1st generator of group $g_2 = g^{\mu(22+21)} = g^{\mu(43)} = g^{-1}$, and m = 13 denotes the message.

Public key: $\{77, 2, g_1, g_2\}$.

Encryption stage: $\{C, b_0, d_1, d_2, p_1, p_2\}$, where $C = 13^2 \bmod 77 = 15$, $b_0 = 13 \bmod 2 = 1$,

$p_1 = g_1^m \bmod P = 3^{13} \bmod 2 = 1$, $d_1 = g_2^m \bmod P = (3^{-1})^{13} \bmod 2 = 1$.

$p_2 = g_1^m \bmod P = 2^{13} \bmod 2 = 0$, $d_2 = g_2^{-m} \bmod P = (3^{-1})^{-13} \bmod 2 = 3^{13} \bmod 2 = 1$

Decryption stage: Steps (1, 2) are expressed by the congruence law.

Step-1: $\frac{N}{p} V_1 \equiv 1 \bmod 7 \to 11 V_1 \equiv 1 \bmod 7 \to 2 V_1 \equiv 1 \bmod 7 \to V_1 = 2$
Step-2: $\frac{N}{q} V_2 \equiv 1 \bmod 11 \to 7 V_2 \equiv 1 \bmod 11 \to (-3) V_2 \equiv 1 \bmod 11 \to V_2 = 8$

The following roots are deterministic polynomial time for Blum primes.

$a_3 = p - a_1 = 7 - 1 = 6$ (inverse of $a_1$)
$a_4 = q - a_2 = 11 - 9 = 2$ (inverse of $a_2$)


1 + + 1 


[--] 


Now according to CRT, Four roots are calculated as follows. 


https://doi.org/10.29322/ijsrp.29.12.2019 





Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

Step-1: [+ +] Z = 1 mod 7 and Z = 9 mod 11

$Z_1 = \{a_1 * V_1 * \frac{N}{p} + a_2 * V_2 * \frac{N}{q}\} \bmod N$

$= (1 * 2 * \frac{77}{7} + 9 * 8 * \frac{77}{11}) \bmod 77 = 527 \bmod 77 = 64$

Step-2: [- -] Z = 6 mod 7 and Z = 2 mod 11

$Z_2 = \{a_3 * V_1 * \frac{N}{p} + a_4 * V_2 * \frac{N}{q}\} \bmod N$

$= (6 * 2 * \frac{77}{7} + 2 * 8 * \frac{77}{11}) \bmod 77 = 244 \bmod 77 = 13$

Step-3: [+ -] Z = 1 mod 7 and Z = 2 mod 11

$Z_3 = \{a_1 * V_1 * \frac{N}{p} + a_4 * V_2 * \frac{N}{q}\} \bmod N$

$= (1 * 2 * \frac{77}{7} + 2 * 8 * \frac{77}{11}) \bmod 77 = 134 \bmod 77 = 57$

Step-4: [- +] Z = 6 mod 7 and Z = 9 mod 11

$Z_4 = \{a_2 * V_1 * \frac{N}{p} + a_3 * V_2 * \frac{N}{q}\} \bmod N$

$= (6 * 2 * \frac{77}{7} + 9 * 8 * \frac{77}{11}) \bmod 77 = 636 \bmod 77 = 20$

Choose the two roots specified by $b_0$ and rearrange them as the small root first, for the small group, and the larger root for the larger group. Those are $(Z_2, Z_3) = (13, 57)$.

Computations:

$A = g_1^{Z_2} \bmod P$, $A = 3^{Z_2} \bmod P = 3^{13} \bmod 2 = 1$ (this is for the small group)

$B = g^{Z_3} \bmod P = 2^{57} \bmod 2 = (2^8)^7 * 2^1 \bmod 2 = 0$ (this is for the larger group). It is clearly seen that A matches $d_1$, since $p_1$ and $d_1$ are in one to one correspondence. Hence, $Z_2 = 13$ is our plaintext.

(Sidorov, et.al. 2015) described a bug in the implementation of the Rabin-Williams digital signature in the Crypto++ framework, which is a popular cryptographic framework. The bug is the misuse of a blinding technique that is aimed at preventing timing attacks on the digital signature system implementation. To fix the bug, one should ensure that the value used for blinding is a quadratic residue modulo p and q. This condition guarantees that the blinding value will be removed at the unblinding step and won't affect the result of the signing procedure. Although the authors of Crypto++ aimed at improving the security of the Rabin-Williams signature system implementation, they eventually made the system completely insecure, as admitted by the authors themselves. The Rabin-Williams signatures become more efficient from the state-of-the-art modular-root signature system, which was far beyond the simple signature system introduced by (Bernstein, 2008).

(Jaweria, et.al. 2017) proposed a secure gateway discovery protocol using the Rabin signature scheme in MANET that ensures the confidentiality goal in heterogeneous environments. A registration process was included to remove malicious nodes. This protocol removes the threat of anti-confidentiality, anti-authentication and anti-duplication. The efficiency of this protocol is shown through the AVISPA tool.

(Chaoyang, et.al. 2017) proposed an efficient ID-based signature scheme based on Rabin's cryptosystem by using the forking lemma theorem. This scheme has fewer exponential operations, and it is secure against existential forgery under adaptively chosen identity and message attacks in the random oracle model.

(Bleichenbacher, 2004) presented a method to compress Rabin signatures. Rabin signatures and compressed signatures are equally difficult to forge. Compression requires a continued fraction expansion and takes time $O(\log(n)^2)$. Decompression requires two multiplications and an inverse over $\mathbb{Z}/n\mathbb{Z}$ and a square root in $\mathbb{Z}$, and requires time $O(\log(n)^2)$.

2.4 Key distribution protocol 

(Stalling,W., 2016) presented Diffie-Heilman key exchange protocol which was introduced by Malcolm John 
Williamson (British mathematician and cryptographer) in 1976. The first published public-key algorithm appeared 
in the seminal paper by Diffie and Heilman that defined public-key cryptography. It is generally referred to as 
Diffie-Hellman key exchange protocol. A number of commercial products employ this key exchange technique. The 
purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent 
encryption and decryption of messages. The algorithm itself is limited to the exchange of secret values. The security 
of Diffie-Hellman algorithm depends on the difficulty of computing discrete logarithms. 


Global public elements: N is a prime number which can define a domain, the so-called curve area or elliptic
curve; a is a primitive root of N such that a < N.

Key generation for user A: select private key $X_A$ such that $X_A < N$ and then calculate public key
$Y_A = a^{X_A} \bmod N$.

Key generation for user B: select private key $X_B$ such that $X_B < N$ and then calculate public key
$Y_B = a^{X_B} \bmod N$.

Secret key for user A: $K = (Y_B)^{X_A} \bmod N$
Secret key for user B: $K = (Y_A)^{X_B} \bmod N$
A worked example:

An integer N = 353 is the domain size and its primitive root is a = 3. A and B select secret keys A = 97 and
B = 233, respectively. Each of them computes a public key:

A computes $X = 3^{97} \bmod 353 = 40$ and B computes $Y = 3^{233} \bmod 353 = 248$.

They compute the secret key in the following way by exchanging public keys with each other. A computes
$K = (Y)^{A} \bmod 353 = 248^{97} \bmod 353 = 160$ and B computes $K = (X)^{B} \bmod 353 = 40^{233} \bmod 353 = 160$.

2.4.1 Brute-force Attack 

We assume an attacker would have available the following public information: 

$N = 353$, $a = 3$, $Y_A = 40$, $Y_B = 248$. It would be possible by brute force to determine the secret key 160.
In particular, an attacker Eve can determine the common key by discovering a solution to the following equations:

$3^{a} \bmod 353 = 40$ .......... Equ.(32)

$3^{b} \bmod 353 = 248$ .......... Equ.(33)

The brute-force approach is to calculate powers of 3 modulo 353, stopping when the result equals either 40
or 248. The desired answer is reached with the exponent 97, which gives $3^{97} \bmod 353 = 40$. However, with
larger numbers, the problem becomes impractical.


2.4.2 The Man-in-the middle attack 

The protocol is insecure against a man-in-the-middle attack. Suppose Alice and Bob wish to exchange keys and Darth
is the adversary. The attack proceeds as follows.

Step-1: Darth prepares for the attack by generating two random private keys $X_{D1}$ and $X_{D2}$ and then
computing the corresponding public keys $Y_{D1}$ and $Y_{D2}$.
Step-2: Alice transmits $Y_A$ to Bob.
Step-3: Darth intercepts $Y_A$ and transmits $Y_{D1}$ to Bob. Darth also computes
$K_2 = (Y_A)^{X_{D2}} \bmod N$.
Step-4: Bob receives $Y_{D1}$ and calculates $K_1 = (Y_{D1})^{X_B} \bmod N$.
Step-5: Bob transmits $Y_B$ to Alice.
Step-6: Darth intercepts $Y_B$ and transmits $Y_{D2}$ to Alice. Darth also computes
$K_1 = (Y_B)^{X_{D1}} \bmod N$.
Step-7: Alice receives $Y_{D2}$ and calculates $K_2 = (Y_{D2})^{X_A} \bmod N$.
A worked example:

Table 2.4: The process of the man-in-the-middle attack

Alice: private key $X_A = 2$; public key $Y_A = a^{X_A} \bmod N = 9$.
Darth: private keys $X_{D1} = 7$, $X_{D2} = 11$; public keys $Y_{D1} = a^{X_{D1}} \bmod N = 69$ and
$Y_{D2} = a^{X_{D2}} \bmod N = 294$.
Bob: private key $X_B = 5$; public key $Y_B = a^{X_B} \bmod N = 243$.
Darth: intercepting key = 9, calculating secret key $K_2 = (Y_A)^{X_{D2}} \bmod N = 304$.
Bob: calculating secret key $K_1 = (Y_{D1})^{X_B} \bmod N = 250$.
Alice: $K_2 = (Y_{D2})^{X_A} \bmod N = 304$.
Darth: calculating secret key $K_1 = (Y_B)^{X_{D1}} \bmod N = 250$.
Alice and Darth shared secret key $K_2$; Bob and Darth shared secret key $K_1$.

At this point Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key $K_1$ and
Alice and Darth share secret key $K_2$.

All further communication between Bob and Alice proceeds as follows.

Step-1: Alice sends an encrypted message (M): $E(K_2, M)$.

Step-2: Darth intercepts the encrypted message and decrypts it to recover M.
Step-3: Darth sends Bob $E(K_1, M)$ or $E(K_1, M')$, where M' is any message. In the first case, Darth
wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the
message going to Bob. The key exchange protocol is vulnerable to such an attack because it does not authenticate
the participants. This vulnerability can be overcome with the use of digital signature and public key certificates and
newly designed M.S.H. Biswas Cryptosystem.
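
The exchange, the brute-force search and the key split of Section 2.4, as an added Python example that is not the thesis's own code. It uses the section's N = 353 and a = 3 (Table 2.4's values are consistent with the same pair); the function names, the constructed pre-shared key and the HMAC tag standing in for the signatures and certificates the text names are assumptions of this example.

```python
"""Added example (not from the thesis): Section 2.4's Diffie-Hellman numbers."""
import hashlib
import hmac

N = 353  # public prime modulus from the worked example
A = 3    # primitive root a of N


def public_key(private):
    """Y = a^X mod N."""
    return pow(A, private, N)


def shared_key(their_public, my_private):
    """K = Y^X mod N."""
    return pow(their_public, my_private, N)


def brute_force_exponent(public):
    """Section 2.4.1: try successive powers of a until one equals the public key.
    Feasible only because N is tiny; the loop length grows with N."""
    value = 1
    for exponent in range(1, N):
        value = (value * A) % N
        if value == public:
            return exponent
    raise ValueError("public value is not a power of a")


def intercepted_exchange(x_a, x_b, x_d1, x_d2):
    """Table 2.4: both public keys are swapped in transit, so two keys result."""
    y_a, y_b = public_key(x_a), public_key(x_b)
    y_d1, y_d2 = public_key(x_d1), public_key(x_d2)
    return {
        "alice": shared_key(y_d2, x_a),             # K2, Alice received Y_D2
        "bob": shared_key(y_d1, x_b),               # K1, Bob received Y_D1
        "darth_with_alice": shared_key(y_a, x_d2),  # K2 on Darth's side
        "darth_with_bob": shared_key(y_b, x_d1),    # K1 on Darth's side
    }


# Mitigation sketch. Assumption: the parties already share PSK. The thesis names
# digital signatures and certificates; an HMAC tag stands in for them here.
PSK = b"constructed-pre-shared-key"


def tag(sender, public, key=PSK):
    """Bind a public value to its claimed sender."""
    message = f"{sender}|{public}".encode()
    return hmac.new(key, message, hashlib.sha256).digest()


def accept(sender, public, received_tag, key=PSK):
    """Receiver-side check: reject any public value whose tag does not match."""
    return hmac.compare_digest(tag(sender, public, key), received_tag)


def authenticated_delivery(x_sender, substitute_public=None):
    """Send (Y, tag); optionally replace Y in transit while the tag stays as sent."""
    y = public_key(x_sender)
    sent_tag = tag("alice", y)
    delivered = y if substitute_public is None else substitute_public
    return accept("alice", delivered, sent_tag)


if __name__ == "__main__":
    print(public_key(97), public_key(233), shared_key(248, 97))
    print(brute_force_exponent(40))
    print(intercepted_exchange(2, 5, 7, 11))
    print(authenticated_delivery(2), authenticated_delivery(2, substitute_public=69))
```

Alice and Bob end with different keys in the intercepted run, so comparing a key fingerprint over a separate channel would also reveal the interception.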
CHAPTER 3


RESEARCH METHODOLOGY 


3.1 Description of research methodology 

My research methodology requires gathering relevant data from applied cryptographic article and assembling them 
in order to analyze the mathematical concepts applied in cryptography and arrive at more complete understanding in 
order to construct a new cryptosystem which will be able to solve all the problem formulated in problem statement 
from Michael O. Rabin cryptosystem. The problem that was formulated by me in chapter one required to study a lot 
of cryptographic articles related to Michael O. Rabin cryptosystem. Because, I proposed to solve all of the problem 
of Michael O. Rabin Cryptosystem and that’s why I needed to inquire about whether the formulated problem had
already been solved by other researcher. It was the requirement of my research activities which was if the problem 
had already solved by other researcher, I had to choose another topic. I had studied more than 65 articles related to 
Michael O. Rabin Cryptosystem, but none of them solved the similar quadratic residue identification problem from 
that my confidence level grew and I stuck to it that I need to develop a new cryptosystem which would be able to
solve similar quadratic residue identification problem in Michael O. Rabin cryptosystem. I hope to shed light on the 
following questions through my research. What could be convenient solution for identifying similar quadratic 
residue generated from different input? To solve the issues, I had to prototype a mathematical model for several 
times due to see what the solution fit for it. How was I able to solve the problem? It was great history behind my 
research. I started with zero knowledge protocol that was my first preference to develop a new zero knowledge 
protocol from existing one. I had been studying zero knowledge protocol for 5 months. But I did not find any
suitable problem because it was well defined protocol and that was used in Block chain technology. One day, I was 
reading an elliptic curve cryptography in Wikipedia where an author mentioned that there was no solution to
identify similar quadratic residue generated from different input in Michael O. Rabin Cryptosystem. Seeing that I 
simultaneously changed my research topic and I had been studying Rabin cryptosystem for 18 days. I simulated a 
mathematical experiment by hand and I was continuing prototyping to solve that problem. I was able to solve the 
problem within 18 days. How did I ensure that my solution is correct? It was simple because mathematically it 
showed correct result in all the time. I tested by giving different input and provided real output what I expected. I 
had written a review article and submitted to USER. It was a great news for me that my research article was 
accepted by USER and it was published on June 2019 over there. But, the proposed mathematical model could not 
authenticate the actual sender because it was a just cipher which was unable to fulfil the requirements of 
cryptosystem. I studied the Rabin signature Scheme and other researcher’s outcome about the Rabin signature 
scheme. I observed that several researcher solved the forgery attack on Rabin signature in different ways. I applied 
my mathematical intelligence in order to add authentication facility to update my newly developed cipher article
namely “A mathematical model for ascertaining same ciphertext generated from different plaintext in Michael O.
Rabin Cryptosystem”. I had successfully implemented authentication system in October 2019. I submitted my 
review article namely “M.S.H. Biswas crypto-intensive techniques” to same journal for publication and that was 
also published on October 15, 2019 in USER. It was a hybrid cryptosystem which comprised 4 types key: public 
key, private key, shared secret key, and pre-negotiated key. I did not give mathematical proof for that because of not 
giving opportunity to proofreading of my article. I submitted updated version but even after I did not get any 
response from USER. I applied mathematical problem solving skills which was exploratory research techniques on 
an unexamined issues and I also used descriptive research type for research documentation that is called thesis. I 
used two type data collection instruments which were as follows: 

Surveys: 

I used internet based surveys and questionnaire based surveys using laptop and tab for data collection. This is a 
quantitative and descriptive data collection approach. A number of literature review selecting sources were 
considered. I had selected literature that was closely related to the research objective. I used Google search engine as 
a primary data collection source. I specially concentrated on scholarly article, cross reference article and other 
scientific articles. I downloaded literature from different sources such as Science Direct, IEEE, research gate, MDPI, 
Springer, Google scholarly article. I also used different social media for clarification of particular problem. The 
secondary data collection approach was Sci-Hub which provides free access to millions of research papers and 
books without regard to copyright. 

Interviews: 

Secondly, I had used interview based data collection technique that was qualitative and exploratory research
technique. My research was exploratory research because a number of well-defined theories had been applied to 
solve the formulated problem of Michael O. Rabin cryptosystem. I used open questioners on Google through 
internet connected device. I tried to continue follow-up questions in order to keep logical sequence. I visited
hundreds of website to clarify different problem. I also visited different educational media for clarifying 
mathematical reasoning. I sometimes experienced new issues of surface. But I also used observation technique by 
doing mathematical experiment. My observation technique was as follows. 

Observations: 

To design a new cryptosystem, I had prototyped mathematical experiment on hand many times to justify whether my 
method was efficient enough to fulfill a particular objective. My research was theoretical but it covers applied 
cryptographic research because it has real life application such as RFID chips which is greatly used in supply chain 
management system particularly freight monitoring system. I hope implemented cryptosystem will soon be used in
RFID chips. At the final stage, when I had completed research documentation (thesis writing), it required to review 
in order to correction. During correction time, I took another initiatives to design a new smallest cipher where all of 
my beloved teachers’ names and their respective pictures will be framed as a memory. I again had succeeded to 
develop a new smallest cipher which was published in IJSRP on December 2019 edition namely “A systematic study
on classical cryptographic cypher in order to design a smallest cipher”. All of my publications have been appended
at the end of research document (List of publication). Fortunately, my research methodology was followed by agile 
methodology which was actually software development methodology. Because, I had intention to design a new Zero 
knowledge protocol, but it turned into implementation a new cryptosystem namely “M.S.H. Biswas cryptosystem”
which was unexpected outcome. I think research is one of the most precious thing because it helps see the world in
different window. I also think research is the only way to be a scholar. By doing this research, I have gained research 
experience and publication skill. My writing skills have greatly enhanced while writing this research document. I 
understood difference between review article, research article and research documentation. The main purpose to do 
research in cryptography is that I would like to achieve PhD in applied cryptography and I want to get involved in 
teaching profession. I would like to make a scientific career in computer science. It seems to me that research has
great impact on human nervous system. The research is an antidote of depression. I experienced different scientific 
mathematical application, scientific writing method and robust sentence structure from there I was influenced to achieve
good communicative skills in English and that is why I am going to get admitted to MA in TESOL at
Northsouth University.
CHAPTER 4


RESULTS & DISCUSSION


4.1 M.S.H. Biswas cryptosystem 


In this research, I have designed a new public key cryptosystem, named after me, which was published and is
appended at the end of this manuscript (List of publication). It can effectively encrypt and decrypt, and the
receiver can authenticate the sender using a signature algorithm. It is based on the Diffie-Hellman key
exchange protocol, the concept of square modular arithmetic from the Michael O. Rabin Cryptosystem, the floor
function and the absolute value function. Suppose an entity A wants to communicate information to another
entity B. Both entities A and B should have some confidentiality. The two entities communicate with each other
over an insecure channel where espionage can detect the communication and reveal the sensitive information;
that is why an efficient technique is necessary to ensure secure communication over a digital medium between
two parties. They need a secret key for encoding messages in order to preserve message confidentiality and
ensure security. The Diffie-Hellman key exchange protocol can be used to solve this. Both entities A and B
create a shared secret key using the aforesaid key exchange protocol, and then both of them use the same key
generated from it. A encrypts the secret information with the secret key so that an unauthorized entity cannot
presume and disclose the real information. A encrypts the information and chooses an equivalent residuum to
generate the signature by solving the equation $m(m + g) = (f \cdot r \cdot u) \bmod k$ or
$r(r + g) = (f \cdot r \cdot u) \bmod k$, where r is the quadratic residue modulo k, g is the generator of the
elliptic curve, f is the floor value of the quadratic quotient modulus k, and u (an undefined random number) is
selected arbitrarily to justify the truthiness of the equation. A sends only the 4-tuple signature
$(f, r, u, r_e)$ to receiver B in case-1; case-2 requires sending both ciphertext and signature. The entity B
verifies the signature by checking the truthiness of the equation $r_e = (f \cdot r \cdot u) \bmod k$ or
$r_e \equiv (n \cdot r \cdot u) \bmod k$. B opens the message by $\left|\sqrt{f \cdot k + r}\right|$ if and only
if the aforesaid equation is true; otherwise it rejects.


Key Generation Algorithm:

$K = (Y_B)^{X_A} \bmod N$
$= (a^{X_B} \bmod N)^{X_A} \bmod N$
$= (a^{X_B})^{X_A} \bmod N$
$= a^{X_B X_A} \bmod N$
$= (a^{X_A})^{X_B} \bmod N$
$= (a^{X_A} \bmod N)^{X_B} \bmod N$
$= (Y_A)^{X_B} \bmod N$

Encipher Algorithm:

To encrypt a message m, we need to compute $f = \lfloor m^2 / k \rfloor$ and $r = m^2 \bmod k$, $c = (f, r)$,
where f = floor value, r = residuum, hence c = pairwise ciphertext. Ciphertexts are sometimes called hash value
and denoted by h(m).

Signcryption Algorithm: 

The signcryption algorithm is a combination of the signature generation and signature verification algorithms.
To sign a message, signer S tries to find the solution of the equation either
$m(m + g) = c \cdot u \bmod k \implies m(m + g) = (f \cdot r \cdot u) \bmod k$, or
$r(r + g) = c \cdot u \bmod k \implies r(r + g) = (f \cdot r \cdot u) \bmod k$. The truthiness of the equation
gives the four-tuple signature $(f, r, u, r_e)$, where $r_e = m(m + g) \bmod k$ and $r_e$ = equivalent residuum.
The verifier V verifies the signatory by calculating the same equation $r_e = (f \cdot r \cdot u) \bmod k$.
Notice that the verifier is actually the intended receiver, who opens the message depending on the truthiness of
the aforesaid equation. The opening process is as follows.

Decryption Algorithm:

The verifier opens the message by $\left|\sqrt{f \cdot k + r}\right|$.

4.1.1 Mathematical proof of M.S.H. Biswas Cryptosystem 

Assuming that Alice wants to send a secret information, for example A = 65, to Bob using a valid signature. She
first hashes the secret message by $m \equiv m^2$ modulo the shared secret key and the floor value
$\lfloor m^2 / k \rfloor$. She sends the signature together with the hashed message to Bob. Bob reveals the
message after verifying the signature of the sender. The entire process is as follows.

Key generation procedure:

Table 4.1: Key Generation protocol structure

Alice (Sender). Known: E = 113, g = 5, private key P = 7. Unknown: Q = 11.
Eve (Eavesdropper). Unknown: 7, 11.
Bob (Receiver). Known: private key Q = 11. Unknown: P = 7.

Alice computes $A = 5^{7} \bmod 113$; the value 42 passes from Alice to Bob.
Bob computes $B = 5^{11} \bmod 113 = 34$; the value 34 passes from Bob to Alice.
Alice computes $A = 34^{7} \bmod 113$, giving $K_s = 40$.
Bob computes $B = 42^{11} \bmod 113$, giving $K_s = 40$.

Note*: g = generator, E = elliptic curve area, $K_s$ = shared secret key

Base step for cipher algorithm:


The square is a number multiplied by itself. The squaring function can transform an integer number into a natural
number. The rules of mathematics imply that transforming a squared number into a square-free number requires the
square root function, which is actually the inverse function of the square. In mathematics, an inverse function or
anti-function is a function that reverses another function: if the function f applied to an input x gives a result
of y, then applying its inverse function g to y gives the result x and vice versa, i.e., f(x) = y iff g(y) = x.
The division is the inverse of multiplication according to basic mathematical rules. The truthiness of the encipher
method and decipher method for the initial value is as follows. Let message (m) = 1, $m \mapsto m^2$.

Cypher text (c) = (f, r), where
Floor value (f) = $\lfloor 1^2 / 40 \rfloor = 0$
Residuum (r) = $1^2 \bmod 40 = 1$ .......... Equ.(1)

Plaintext = Decryption = d = $\left|\sqrt{f \cdot k + r}\right|$ .......... Equ.(2)
= $\left|\sqrt{0 \cdot 40 + 1}\right|$
= $\left|\sqrt{1}\right| = 1$ (proved).

As the base case is true, the next step can proceed from it.

Induction Step for Cipher algorithm:


If a decimal number is divided by another one, the quotient and remainder are generated as per basic mathematical 
rule. In other perspective, quotient can be counted by floor function and remainder can be counted by modular 
arithmetic. 


A general division arithmetic, for example:

          105     (quotient)
    40 ) 4225     (dividend, 65^2 = 4225; 40 is the divider)
        -40
          225
         -200
           25     (remainder)

The keyword is the divider, which acts in this cryptosystem sometimes as division arithmetic and sometimes as
modular arithmetic, where the divider is indicated as a modulus. Since division is the inverse of multiplication
according to basic mathematics, to retrieve the message the quotient will have to be multiplied by the divider
(keyword) and the remainder will also have to be multiplied by the divider and then both will have to be added,
because a natural number is divided into two parts. But in this cryptosystem, the remainder does not need to be
multiplied by the divider when the message is retrieved, because modular arithmetic readily calculates the residue,
which is equivalent to the number after the decimal point × modulus. Therefore, for the reconstruction of the
message, at first the three distinct numbers will have to be recombined in reverse to the sender's actions, as
follows.

floor value * keyword + residue

This function constructs a new number which is actually the squared number. As quotient and residue are derived
from the squared number, the square root function must be used to make it square free, like
$\sqrt{\text{floor value} \cdot \text{keyword} + \text{residue}}$. The result derived from it will be either a
positive or a negative value, but only a natural number is to be counted, using the absolute value function like
$\left|\sqrt{\text{floor value} \cdot \text{keyword} + \text{residue}}\right|$. This computation must result in the
original message according to mathematical logic. Suppose for m = n and k = n the proposed cipher technique is
true. Let us see the truthiness of the cipher technique as follows.

Quotient (q) = $\lfloor n^2 \div n \rfloor = n$, Residuum (r) = $n^2 \bmod n = 0$
Cypher text (c) = (q, r) = (n, 0)

Decryption = d = $\left|\sqrt{q \cdot k + r}\right|$
= $\left|\sqrt{n \cdot n + 0}\right|$
= $\left|\sqrt{n^2}\right| = n$ (Proved)

Since the proposed cipher technique results in n terms correctly, the mathematical induction for the proposed
cipher technique is correct.

Base step for Syncryption Algorithm: 

It is necessary that both quotient and residuum be natural numbers greater than zero in order to generate a
signature for the M.S.H. Biswas cryptosystem. Division arithmetic means distributing an integer number among the
divider, with what is left over as a remainder because it cannot be distributed as a round number. When an even
number is divided by an odd number, or likewise an odd number is divided by an even number, the calculator results
in a rational number which contains two parts: the left-hand side is an integral number and the right-hand side is
the fractional part. To calculate the number after the decimal point, modular arithmetic is required, which results
in an integer number.

Induction step for Syncryption: 

The proposed syncryption algorithm works depending on two propositions. The signature can be generated and
verified in two significant ways: one of them is described in case-1 and the other one is illustrated in case-2.

Case-1: Signature generation & verification

• Signature can be generated depending on the following proposition.

(1) Floor value (f) = $\lfloor m^2 \div k \rfloor$ iff $m^2 > k$ & $m \neq 0$
    Residuum (r) = $m^2 \bmod k$ iff $m \neq 0$ & $m^2 \geq k$

According to assertion (1), Equ.(3) must be true to generate signature.

$m(m + g) = \{h(m) \cdot u\} \bmod k$
$= (c \cdot u) \bmod k$
$= (f \cdot r \cdot u) \bmod k$ .......... Equ.(3)

To make the signature more intractable, Equ.(3) can also be written as $r(r + g) = (f \cdot r \cdot u) \bmod k$.
Now let us see that Equ.(3) is true while satisfying proposition (1). For instance, plugging message (65) into
Equ.(3):

$65(65 + 5) = (105 \cdot 25 \cdot 14) \bmod 40$
$30 = 30 \pmod{40}$

So the equivalent residue is $r_e = 30$. Depending on it, the sender generates the 4-tuple signature
(105, 25, 14, 30) based on Equ.(1, 2 and 3) and sends it to the receiver. The receiver is the verifier, who
verifies the signature by calculating Equ.(4) as follows.

$r_e = (f \cdot r \cdot u) \bmod k$ .......... Equ.(4)
$= (105 \cdot 25 \cdot 14) \bmod 40$
$= 30 \pmod{40}$ [Verified]

The verifier decrypts the message depending on the truthiness of the above equation. If any value of the
four-tuple signature is altered during transmission, the aforesaid equation fails and the verifier rejects the
message. Otherwise, the signature is accepted by the verifier and he or she will open the message by the decipher
method Equ.(2) as follows.

$D = \left|\sqrt{q \cdot k + r}\right|$
$= \left|\sqrt{105 \cdot 40 + 25}\right|$
$= \left|\sqrt{4225}\right| = 65 = A$ (proved).

As it is shown that signature generation and verification according to proposition (1) and Equ.(3, 4) is true,
for this reason, mathematical induction is proved for case-1.

Case-2: Signature generation & verification

• Signature can be generated depending on the following proposition.

(2) Ceiling value (n) = $\lceil m^2 \div k \rceil$ iff $m^2 < k$ & $m \neq 0$
    Residuum (r) = $m^2 \bmod k$ iff $m \neq 0$ & $m^2 \leq k$

According to assertion (2), Equ.(5) must be true to generate signature.

$m(m + g) = \{h(m) \cdot u\} \bmod k$
$= (c \cdot u) \bmod k$
$= (n \cdot r \cdot u) \bmod k$ .......... Equ.(5)

To make the signature more intractable, Equ.(5) can also be written as $r(r + g) = (n \cdot r \cdot u) \bmod k$.
Now let us see that Equ.(5) is true while satisfying proposition (2). For instance, plugging message (1) into
Equ.(5):

$1(1 + 5) = (1 \cdot 1 \cdot 6) \bmod 40$
$\therefore 6 = 6 \pmod{40}$

So the equivalent residue is $r_e = 6$. The sender generates the 4-tuple signature (1, 1, 6, 6) based on
Equ.(1, 2 and 5). In this case-2, the sender has to send the four-tuple signature together with the ciphertext to
the receiver, because the receiver can verify the signatory of the intended sender but cannot open the message
from the signature only. The receiver is the verifier, who verifies the signature by calculating the following
equation.

$r_e = (q \cdot r \cdot u) \bmod k$ .......... Equ.(6)
$= (1 \cdot 1 \cdot 6) \bmod 40$
$= 6 \pmod{40}$ [Verified]

The verifier decrypts the message depending on the truthiness of Equ.(6). If any value of the four-tuple
signature is altered during transmission, the aforesaid Equ.(6) becomes false and the verifier rejects the
message. Otherwise, the signature is accepted by the verifier, who opens the message by decrypting the ciphertext
in similar fashion (Equ.(2)). As it is shown that signature generation and verification by Equ.(5, 6) satisfying
proposition (2) is true, for this reason, mathematical induction is proved for case-2.
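
The cipher and signature steps of Sections 4.1 and 4.1.1, as an added Python example that is not the thesis's own code. It reproduces the worked values for m = 65 and m = 1 with k = 40 and g = 5, and also enumerates every u below k that satisfies the signing equation; the function names and the choice to find u by enumeration are assumptions of this example.

```python
"""Added example (not the thesis's code): Section 4.1 cipher and 4-tuple signature."""
from math import isqrt

K = 40  # shared secret key K_s from Table 4.1
G = 5   # generator g from Table 4.1


def encrypt(m, k=K):
    """Equ.(1): ciphertext c = (f, r) = (floor(m^2 / k), m^2 mod k)."""
    return divmod(m * m, k)


def decrypt(f, r, k=K):
    """Equ.(2): |sqrt(f*k + r)|, rejecting pairs that do not rebuild a square."""
    square = f * k + r
    root = isqrt(square)
    if root * root != square:
        raise ValueError("f*k + r is not a perfect square")
    return root


def multiplier(m, k=K):
    """Floor value f when m^2 >= k (case-1), ceiling value n when m^2 < k (case-2)."""
    square = m * m
    return square // k if square >= k else -(-square // k)


def valid_u(m, k=K, g=G):
    """Every u in 1..k-1 with (q * r * u) mod k == m(m + g) mod k (Equ.(3)/(5))."""
    q, r, r_e = multiplier(m, k), (m * m) % k, (m * (m + g)) % k
    return [u for u in range(1, k) if (q * r * u) % k == r_e]


def sign(m, u=None, k=K, g=G):
    """Return the 4-tuple (q, r, u, r_e); u defaults to the smallest valid value."""
    candidates = valid_u(m, k, g)
    if not candidates:
        raise ValueError("no u satisfies the signing equation for this m and k")
    if u is None:
        u = candidates[0]
    elif u % k not in candidates:
        raise ValueError("u does not satisfy the signing equation")
    return multiplier(m, k), (m * m) % k, u, (m * (m + g)) % k


def verify(signature, k=K):
    """Equ.(4)/(6): accept iff r_e == (q * r * u) mod k."""
    q, r, u, r_e = signature
    return (q * r * u) % k == r_e % k


def open_message(signature, ciphertext=None, k=K):
    """Verify first, then decrypt. Case-1 reads (f, r) from the signature itself;
    case-2 needs the separately sent ciphertext."""
    if not verify(signature, k):
        raise ValueError("signature rejected")
    f, r = ciphertext if ciphertext is not None else signature[:2]
    return decrypt(f, r, k)


if __name__ == "__main__":
    sig = sign(65, u=14)                 # the section's case-1 example
    print(sig, verify(sig), open_message(sig))
    print("u values that satisfy Equ.(3) for m = 65:", valid_u(65))
    print(verify((105, 25, 15, 30)))     # u altered in transit: rejected
    small = sign(1)                      # the section's case-2 example
    print(small, open_message(small, ciphertext=encrypt(1)))
```

For m = 65 the enumeration returns 6, 14, 22, 30 and 38, so the u = 14 used above is one of several values that pass Equ.(4), which is a congruence modulo k.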
4.1.2 Comparison of Michael O. Rabin and M.S.H. Biswas Cryptosystem


Table 4.2: The comparison between two cryptosystems.

Michael O. Rabin Cryptosystem

1. Ciphertext is a quadratic residue.
2. Decryption generates a 4-tuple.
3. It uses an asymmetric key.
4. This is an asymmetric cryptography.
5. It does not offer simultaneous communication between two entities.
6. It facilitates one party active, the other party passive.
7. It is vulnerable against chosen ciphertext and plaintext attack.
8. Michael O. Rabin’s encryption and decryption system cannot identify the same ciphertext generated from
   different plaintexts. For example, $C = 13^2 \bmod 77$, $C = 20^2 \bmod 77$, $C = 57^2 \bmod 77$,
   $C = 64^2 \bmod 77$.
9. For C = 15 it cannot be told which input it stands for, which is an encryption failure, and decrypting C = 15
   results in the same 4-tuple, which is a decryption failure.
10. One party is the key issuer, the other party the message sender. Both parties cannot communicate
    simultaneously because the key issuer waits for the other party’s message. Only one party possesses the
    secret key.
11. Advantage of Michael O. Rabin Signature: The signature actually contains several interesting features:
    o The signature is possible using every pair of primes,
    o Different signatures of the same documents are different.
12. The verification needs only two multiplications and therefore it is fast enough to be used in an
    authentication protocol.
12. Disadvantage of Michael O. Rabin Signature: It is vulnerable to forgery attacks. It is relatively easy to
    compute $S^2 \bmod N$ and choose any message m', after that compute the multiplicative inverse of m' (hash
    value of m), compute $U' = (S^2 \cdot m'^{-1}) \bmod N$ and forge the signature as $(m'^{-1}, U', S)$ without
    knowing the factorization of N.

M.S.H. Biswas Cryptosystem

1. Ciphertext is a pair of integers.
2. Decryption results in a single plaintext.
3. It uses shared secret key publicly.
4. This is a public key cryptosystem.
5. It offers simultaneous communication between two entities.
6. It facilitates both entities active.
7. It is strong against man-in-the-middle attack, brute-force attack, modulus exponential attack, chosen
   ciphertext and plaintext attack.
8. It is strong due to having the ability to distinguish the same ciphertext uniquely generated from different
   plaintexts.
9. The proposed technique can identify the same ciphertext against different plaintexts.
10. The proposed cipher can efficiently identify the same residues separately generated from distinct plaintexts
    using the quotient-residuum technique, as follows:
    Plaintext m = 13, Residuum = $13^2 \bmod 77$, Quotient = $\lfloor 13^2 / 77 \rfloor$, corresponding encrypted
    text C = (2, 15)
    Plaintext m = 20, Residuum = $20^2 \bmod 77 = 15$, Quotient = $\lfloor 20^2 / 77 \rfloor = 5$, corresponding
    encrypted text C = (5, 15)
    Plaintext m = 57, Residuum = $57^2 \bmod 77 = 15$, Quotient = $\lfloor 57^2 / 77 \rfloor = 42$, corresponding
    encrypted text C = (42, 15)
    Plaintext m = 64, Residuum = $64^2 \bmod 77 = 15$, Quotient = $\lfloor 64^2 / 77 \rfloor = 53$, corresponding
    encrypted text C = (53, 15)
11. The proposed crypto intensive technique can uniquely identify each ciphertext against plaintext.
12. It is unforgeable in forgery attack while Rabin signature is forgeable in forgery attack.
13. Advantage of M.S.H. Biswas Signature: The signature is generated by computing the congruence equation
    $m(m + g) = c \cdot u \bmod k$. It requires less time complexity compared to the Michael O. Rabin public key
    signature scheme.
14. It is unforgeable against forgery attack.

CHAPTER 5


CONCLUSIONS 


1.1 Conclusion 

The proposed M.S.H. Biswas cryptosystem is efficient for solving the identification problem of similar quadratic
residues generated from different plaintexts in the Michael O. Rabin cryptosystem on the one hand. On the other
hand, the signature algorithm is capable of handling forgery attack, chosen plaintext attack, brute-force attack,
and man-in-the-middle attack. It helps remove the four-to-one mapping signature and the one-to-four mapping
decryption. Identifying each ciphertext separately was the first objective, because modular arithmetic can
generate the same ciphertext from different plaintexts. The proposed mathematical model can efficiently identify
each ciphertext separately generated from modular reduction arithmetic. Verifying the sender and validating the
message through the signature verification system was the 2nd objective, where both authentication and integrity
elements have been successfully deployed to implement the signature scheme. The proposed key generation technique
is derived from the Diffie-Hellman key-exchange protocol, but there was a security vulnerability in the symmetric
key generation stage (man-in-the-middle attack), because it could not authenticate the participants. The proposed
cryptosystem not only provides a solution to the similar quadratic residue identification problem but also ensures
security and confidentiality through the signcryption algorithm.

1.2 Research Contributions 

In this research, a new public key cryptosystem has been designed by removing the barrier of the similar quadratic
residue identification problem in the Michael O. Rabin cryptosystem. It consists of a Key generation algorithm,
Encryption algorithm, Decryption algorithm, Signature generation algorithm and Signature verification algorithm.

1.3 Future Work 

I would like to leave encryption scheme for future cryptographic reader to make concrete ciphertext which can
uniquely identify similar quadratic residue separately generated from different input. 


https://doi.org/10.29322/ijsrp.29.12.2019 




Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

REFERENCES 


Alex, A., Wool, A. & Yossef, O, (Tel-Aviv and Columbia University ), (2014). A Secure Supply-Chain RFID 
System that respects your privacy, In: Published by the IEEE CS, 1536-1268/14/IEE 

Awad, Y.Kassar, A.N. El & Kadri, T.(2018). Rabin public-key cryptosystem in the domain of Gaussian Integers, In: 
International conference on computer and application (ICCA). 

Apostol, T.M. (1976). Introduction to analytic number theory, Springer, New York; Wikipedia also has a good
description of Dirichlet's theorem on arithmetic progressions.

Bezout, E. (1779). Theory generate a statement in algebraic geometry. Paris, France: Ph.D., Pierres. Weisstein, Eric W.,
Bezout’s Identity, MathWorld.

Bellare, M. & Neven, G. (2006). Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma,
CCS, Alexandria, Virginia, USA, ACM 1-59593-518-5/06/0010 

Berzati & Goubin L.(2008). Perturbing RSA public keys: An improved attack, In E.Oswald, P.Rohatgi (eds.): 
Cryptographic Hardware & Embedded System (CHES), Lecture notes in computer science vol.5154, 
springer and pp.380-395 

Berzati, A., Canovas-Dumas, C. &. Goubin, L(2009) Fault attacks on RSA public Keys: Left-To-Right 
implementations are also vulnerable. In: M. Fischlin (ed): CT- RSA, Lecture notes, vol.5473, 

Springer, pp. 414-428 

Bhatt, M., Shweta S. & Deshmukh, M. (2018).Deterministic Rabin Cryptosystem, In: 3 rd International Conference 
on Internet of Things and Connected Technologies (ICIoTCT), Research gate publication no.325330795 

Bernstein, D. J. (2008). RSA and Rabin-Williams signatures: The state of the art, In: EUROCRYPT, Proceedings of
the theory and applications of cryptographic techniques 27th annual international conference on advances
in cryptology, pages 70-87, ISBN: 3-540-78966-9, 978-3-540-78966-6

Bleichenbacher, D. (2004). Compressing Rabin Signatures, In: T. Okamoto (Ed.): CT-RSA, LNCS 2964,
pp.126-128, Springer- Verlag Berlin Heidelberg, Bell labs-Lucent Technologies. 


https://doi.org/10.29322/ijsrp.29.12.2019 


75 


Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

Chaoyang Li, Xiangjun xin and Xiaolin Hua,(2017). An efficient ID-based Rabin signature without pairings. In: 
International Journal of Multimedia and Ubiquitous Engineering Vol. 12, No.3 (2017), pp.75-80, 
doi: 10.14257/jimue.2017.12.3.08 

Chandrakar, R & Hari O, (2017). An efficient two factor remote user Authentication and session key agreement 
scheme using Rabin cryptosystem, doi: 10.1007/sl3369-2709-6 

Chakraborty, R.,Biswas, S. & Mandal, JK, (2014). Modified Rabin Cryptosystem through Advanced Key 
Distribution System, In: Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, 

P-ISSN: 2278-8727 Volume 16, Issue 2, Ver. XII (Mar-Apr. 2014), PP. 01-07, www.iosriournals.org 

Choi, D. Jun, B. Lee, J.& Subong L.,( 2018). Arithmetic of generalized Dedekind sums and their modularity[Online]: 
doi: 10.1515/math-2018-0082 


Drane, T., Cheung, W. & Constantinides, G. (2012). Correctly Rounded Constant Integer Division Via Multiply-add, 
In: The IEEE International Symposium on Circuits and Systems, Conference Paper, doi: 10.1109/ISCAS. 
2012.6271461 

Dong, X. Han S. & Yun (2017). A modifications of the Rabin cryptosystem based on cubic residues. In : 

Communications, information management and network security (CIMNS), ISBN: 978-1-60595-498-7 

Editor, Dailystar (2016).Bangladesh Bank reserve hacking In: https://www.thedailystar.net/tags/Bangladesh bank¬ 
hacking 

Elia, M, Piva, M. & Schipani, D.(2013). The Rabin cryptosystem revisited. arXiv:1108.5935v3 [math.NT], 
Mathematics Subject Classification (2010):94A60, 11T71, 14G50 

Elia, M. Piva, M. & Schipani, D.(2011). Rabin cryptosystem revisited Elia, M. & Schipani, D.(2010). On the Rabin 
signature. In: Journal of Discrete Mathematical Science and Cryptography 16(6). 

Elia, M. Piva, M. & Schipani, D.(2013). Rabin cryptosystem revisited, In: Mathematics subject classification 
(2010):94A60, 11T71, 14G50, University of Zurich, Switzerland, 

Frohlich, M,J &Taylor (1994). Algebraic Number Theory, Cambridge Univ. Press. Gauss, C. F. Arthur, T. Clark, A. 
(1965). Disquisitiones Arithmeticae, Yale University’ Press, ISBN: 0-300-09473-6 


https://doi.org/10.29322/ijsrp.29.12.2019 


76 



Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

Grosswald, E., (2009). Topics from the Theory of Numbers, Birkhauser, Basel 

Gani, H. (2019). A mathematical analysis of RSA and Rabin Cryptosystem, In: Researchgate publication no. 
332834881(2019) 

Hasim,, H. R.(2014). H-Rabin Cryptosystem, In: Journal of Mathematics and Statistics. 
doi: 10.3844/jmssp.2014.304.308, Researchgate publication:264286919 

Hardy, G. H., E.M. Wright (1971), An Introduction to the Number theories, Oxford: Clarendon Press, 

Hardy, G.H. & Wright, E.M (1980). An introduction to the Theory (5 th ed). Oxford: Oxford University Press, ISBN: 
978-0-19-853171-5 

Ireland, K., M. & Rosen,( 1998.). A Classical Introduction to Modern Number Theory, New York, Springer 

Jones, G. A. & Jones, J.M.( 1998). The Legendre symbol, 7.3 in Elementary Number Theory Berlin, Springer- Verlag, 
pp. 123-129, 

Jaweria, Usmani, Prakash, J. (2017). A secure gateway discovery protocol using Rabin signature scheme in 
MANET, In: International Journal on Communications Antenna and Propagation 7(5):439 
doi: 10.15866/irecap.v7i5.12581 

Kaminaga, M. Yoshikawa, H., Shikoda, A. & Suzuki, T. (2016) Member IEEE, Crashing Modulus Attack on 
Modular Squaring for Rabin Cryptosystem. doi:10.1109/TDSC.2016.2602352, IEEE 

Klimov, N.I (2001), Mobius function. In Hazewinkel, Michael Edward, Encyclopedia of Mathematics, Springer 
Science+ Business Media B.V./ Kluwer Academic Publishers, ISBN: 978-1-55608-010-4 

Karen, M. Strom,(2012). ASCII-Sticks and Stones, an alphabetic book for the 21 st century. Publisher: Polytropos 
Press, ISBN: 9780988378520 

Knuth G. & Patashnik,(1988). Concrete Mathematics: A foundation for computer science.(2 nd ed.), ISBN- 
10:0201558025 

Katz & Victor J.( 1998), a History of mathematics, an Introduction (2 nd edition). Addison Wesley Longman, 

ISBN: 978- 0-321-01618-8 


https://doi.org/10.29322/ijsrp.29.12.2019 


77 


Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

Lemmermeyer, F.,( 2000). Reciprocity Laws, New York, Springer. 

Manuel, Bronstein, et.al., eds.(2006). Solving Polynomials Equations: Foundations, Algorithms and applications. 
Springer, ISBN: 978-3-540-27357-8 

Menzes A., P.van Oorschot and S. Vanstone (1997). Michael O. Rabin Cryptosystem, In: Handbook of Applied 
Cryptography 

Mahad, Z. & Ariffin, M. R. K.(2015). A new efficient method to overcome Rabin cryptosystem decryption failure 
Problem, In: International Journal of Cryptology Research 5(1 ):11-20(2015) 

Peter, H.(2013) .The distribution of weighted sums of the Liouville function and Polya’s Conjecture, In: Journal of 
Number Theory, 133(2):545-582. Arxiv: 1108.1524, doi: 10.1016/j.jnt 

Pieprzyk, J. Hardjono, T. & Seberry, J.(2003) Fundamentals of Computer Security, New York: springer. 

Rabin, Michael. O. J.F. Traub, eiditor. (1976) Probabilistic algorithm, algorithm and complexity, recent results and 
new directions, academic press, inc. New York, San Francisco, pp.21-40 

Rabin,, Michael O. (1979). Digitized signatures and public key functions as intractable as factorization, Technical 
report MIT-LCS-TR-212, MIT laboratory’ for computer science. 

Rademacher, H.. E. Grosswald, (1972).Dedekind Sums, MAA, New York, 

Roger, N. & Michael, S.,(1978). Using encryption for authentication in large networks of computers, 
Communication of the ACM. 21 (12):993-999, doi: 10.1145/359657.359659 

Saxl, G., Ferdik, M., Fischer,M., Maderboeck, M. and Ussmueller,T.( 2019). Article UHF RFID prototyping 

Platform for ISO 29167, Decryption based on an SDR, www.mdpi.com/journal/sensors. Sensors, 19.2220: 
cfoi'.T 0.3390/s 19102220 

Stallings, W .(2016). Cryptography and Network security Principles and Practices.(6 th ed.) Jndia, Pearson Press. 
ISBN: 978-93-325-1877-3. 

Sattar, I., Raheem, A. Hamad, M. H.(2015). Design and implement Rabin crypto code as Guider for Stego-system, 

A1 Mustansiriyah University. 

https://doi.org/10.29322/ijsrp.29.12.2019 


78 



Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

Srivastava, A. K. & Mathur, A.(2013). The Rabin Cryptosystem & analysis in measure of Chinese Remainder 

Theorem, In: International Journal of Scientific and Research Publications, Volume 3, Issues 6, June 
2013, ISSN: 2250-3153 

Sidorov, E.& Kandex LLC(2015). Breaking the Rabin-Williams digital signature system implementation in 
Crypto++ library, In: Journal of Cryptology’, iacr.org, 

Stallings, W.(2016). Cryptography and Network Security Principles and Practices, 6 th Edition. ISBN: 978-93-325- 
1877-3, India: Pearson press. 

Takagi, T. & S. Naito, (1997). An extension of Rabin Cryptosystem to Eisenstein and Gauss Fields, IEICE Trans. 
Fundamentals, Vol. E80-A. 

Varil, A.,(2014) Dirichlet’s Theorem on arithmetic Progressions, Harvard University, Cambridge, MA 02138 
Wikipedia has good description about Group Isomorphism. 

Williams, H.C., (1998). A modification of the RSA public-key encryption procedure, IEEE 
Trans, on inform, Th.IT- 26(6), pp.726-729 

Waite, W.M. ((1987).Needham, R. M., Schroeder, Authentication revisited, ACM SIGOPS Operating System 
Review, 21(1):7. doi:10.1145/24592.24593 

Williams, H.C.G980). A modification of the RSA public key encryption procedure, IEEE Trans. On Information 
theory, IT-26(6), pp. 726-729 


https://doi.org/10.29322/ijsrp.29.12.2019 


79 


Publication Partner: 

International Journal of Scientific and Research Publications (ISSN: 2250-3153) 

APPENDIX A 


Table A.1: ASCII values


Letter  ASCII code  Binary      Letter  ASCII code  Binary
a       097         01100001    A       065         01000001
b       098         01100010    B       066         01000010
c       099         01100011    C       067         01000011
d       100         01100100    D       068         01000100
e       101         01100101    E       069         01000101
f       102         01100110    F       070         01000110
g       103         01100111    G       071         01000111
h       104         01101000    H       072         01001000
i       105         01101001    I       073         01001001
j       106         01101010    J       074         01001010
k       107         01101011    K       075         01001011
l       108         01101100    L       076         01001100
m       109         01101101    M       077         01001101
n       110         01101110    N       078         01001110
o       111         01101111    O       079         01001111
p       112         01110000    P       080         01010000
q       113         01110001    Q       081         01010001
r       114         01110010    R       082         01010010
s       115         01110011    S       083         01010011
t       116         01110100    T       084         01010100
u       117         01110101    U       085         01010101
v       118         01110110    V       086         01010110
w       119         01110111    W       087         01010111
x       120         01111000    X       088         01011000
y       121         01111001    Y       089         01011001
z       122         01111010    Z       090         01011010
APPENDIX B


Table B.1: Infinitely many prime formation


Arithmetic progression   First 10 prime number counting
2n + 1                   3, 5, 7, 11, 13, 17, 19, 23, 29, 31, ...
4n + 1                   5, 13, 17, 29, 37, 41, 53, 61, 73, 89, ...
4n + 3                   3, 7, 11, 19, 23, 31, 43, 47, 59, 67, ...
6n + 1                   7, 13, 19, 31, 37, 43, 61, 67, 73, 79, ...
6n + 5                   5, 11, 17, 23, 29, 41, 47, 53, 59, 71, ...
8n + 1                   17, 41, 73, 89, 97, 113, 137, 193, 233, 241, ...
8n + 3                   3, 11, 19, 43, 59, 67, 83, 107, 131, 139, ...
8n + 5                   5, 13, 29, 37, 53, 61, 101, 109, 149, 157, ...
8n + 7                   7, 23, 31, 47, 71, 79, 103, 127, 151, 167, ...
10n + 1                  11, 31, 41, 61, 71, 101, 131, 151, 181, 191, ...
10n + 3                  3, 13, 23, 43, 53, 73, 83, 103, 113, 163, ...
10n + 7                  7, 17, 37, 47, 67, 97, 107, 127, 137, 157, ...
10n + 9                  19, 29, 59, 79, 89, 109, 139, 149, 179, 199, ...
12n + 1                  13, 37, 61, 73, 97, 109, 157, 181, 193, 229, ...
12n + 5                  5, 17, 29, 41, 53, 89, 101, 113, 137, 149, ...
12n + 7                  7, 19, 31, 43, 67, 79, 103, 127, 139, 151, ...
12n + 11                 11, 23, 47, 59, 71, 83, 107, 131, 167, 179, ...
APPENDIX C


Table C.1: The generator of group G_1 = {3, 5} under mod 7


                             g^i mod 7
First subgroup of elements   g^1  g^2  g^3  g^4  g^5  g^6   Comments
1                            1    1    1    1    1    1     1st row-column unique
2                            2    4    1    2    4    1     X
3                            3    2    6    4    5    1     Generator
4                            4    2    1    4    2    1     X
5                            5    4    6    2    3    1     Generator
6                            6    1    6    1    6    1     X


Table C.2: The generator of group G_2 = {2, 6, 7, 8} under modulo 11


      g^i mod 11
g     g^1  g^2  g^3  g^4  g^5  g^6  g^7  g^8  g^9  g^10   Comments
1     1    1    1    1    1    1    1    1    1    1      1st row-col same
2     2    4    8    5    10   9    7    3    6    1      Generator
3     3    9    5    4    1    3    9    5    4    1      X
4     4    5    9    3    1    4    5    9    3    1      X
5     5    3    4    9    1    5    3    4    9    1      X
6     6    3    7    9    10   5    8    4    2    1      Generator
7     7    5    2    3    10   4    6    9    8    1      Generator
8     8    9    6    4    10   3    2    5    7    1      Generator
9     9    4    3    5    1    9    4    3    5    1      X
10    10   1    10   1    10   1    10   1    10   1      X
Table C.3: The modular additive group of N=77


  + |  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19
  1 |  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20
  2 |  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21
  3 |  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22
  4 |  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
  5 |  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
  6 |  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
  7 |  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
  8 |  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
  9 | 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
 10 | 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
 11 | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
 12 | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
 13 | 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
 14 | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
 15 | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
 16 | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
 17 | 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
 18 | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
 19 | 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38



  + | 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
 19 | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 20 | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
 21 | 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
 22 | 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
 23 | 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
 24 | 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
 25 | 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
 26 | 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
 27 | 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
 28 | 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
 29 | 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
 30 | 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
 31 | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
 32 | 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
 33 | 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
 34 | 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
 35 | 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
 36 | 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
 37 | 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75

  + | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 38 |  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
 39 |  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19
 40 |  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20
 41 |  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21
 42 |  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22
 43 |  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 44 |  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
 45 |  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 46 |  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
 47 |  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
 48 | 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
 49 | 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
 50 | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
 51 | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
 52 | 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
 53 | 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
 54 | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
 55 | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
 56 | 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
 57 | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  + | 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
 58 | 38 39 40 41 42 43 44 45 46